how to allow non-root user to send message to systemd?

DeanAnderson · 08-31-2021, 02:25 AM

Hi
My app run as non root user. And it fails on:

Code:

sd_bus_call_method(
              bus,
              "org.freedesktop.login1",
              "/org/freedesktop/login1",
               "org.freedesktop.login1.Manager",

because of lack of permissions. I prepared file:

Code:

<!DOCTYPE busconfig PUBLIC
          "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
          "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="terko">
    <allow send_destination="org.freedesktop.login1"
           send_interface="org.freedesktop.login1.Manager" />
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.systemd1.Manager" />
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.DBus.Properties" />
    <allow send_destination="org.freedesktop.login1"
           send_interface="*" />
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="*" />
  </policy>
</busconfig>

and I placed it in terko-dbus.conf file /etc/dbus-1/system.d/ (I tried also /usr/share/dbus-1/system.d) in linux image with the aid of yocto bitbake but still issue occurs. What is lack in my config file? I placed also:

Code:

      <policy context="default">
    <allow own="*"/>
    <allow send_type="method_call"/>
  </policy>

as in system.conf by default it is deny:

Code:

<policy context="default">
    <!-- All users can connect to system bus -->
    <allow user="*"/>

    <!-- Holes must be punched in service configuration files for
         name ownership and sending method calls -->
    <deny own="*"/>
    <deny send_type="method_call"/>
...

however it didn't help. Any ideas?

ondoho · 09-02-2021, 12:22 PM

There simply isn't enough context here to even ask for details - I don't know what to ask for.
Unless someone happens to drop in who recognizes this mystery app, and what exactly you are trying to achieve there, I suggest you read the first two non-covid links in my signature, then try again.
Thank You.

Quote:

Originally Posted by DeanAnderson

Hi
My app run as non root user. And it fails on:

Code:

sd_bus_call_method(
              bus,
              "org.freedesktop.login1",
              "/org/freedesktop/login1",
               "org.freedesktop.login1.Manager",

because of lack of permissions. I prepared file:

Code:

<!DOCTYPE busconfig PUBLIC
          "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
          "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="terko">
    <allow send_destination="org.freedesktop.login1"
           send_interface="org.freedesktop.login1.Manager" />
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.systemd1.Manager" />
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.DBus.Properties" />
    <allow send_destination="org.freedesktop.login1"
           send_interface="*" />
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="*" />
  </policy>
</busconfig>

and I placed it in terko-dbus.conf file /etc/dbus-1/system.d/ (I tried also /usr/share/dbus-1/system.d) in linux image with the aid of yocto bitbake but still issue occurs. What is lack in my config file? I placed also:

Code:

      <policy context="default">
    <allow own="*"/>
    <allow send_type="method_call"/>
  </policy>

as in system.conf by default it is deny:

Code:

<policy context="default">
    <!-- All users can connect to system bus -->
    <allow user="*"/>

    <!-- Holes must be punched in service configuration files for
         name ownership and sending method calls -->
    <deny own="*"/>
    <deny send_type="method_call"/>
...

however it didn't help. Any ideas?