On Tue, 04 Apr 2017 at 12:36:35 +0200, Laurent Bonnaud wrote:
> On 03/04/2017 20:21, Simon McVittie wrote:
>
> > Yes: if any user or group mentioned in /etc/dbus/system.d/
> > comes from LDAP, then it needs to know who they are.
>
> This directory does not exist on this system.
Sorry, I meant /etc/dbus-1/system.d/*.conf (my earlier mail was missing
the -1). For completeness, several other paths could potentially
mention users and groups, including /etc/dbus-1/system-local.conf
and /usr/share/dbus-1/system.d/*.conf.
> > and doubly so if system users are in LDAP.
>
> System users are all local in /etc/passwd.
That's good - it's very easy to get circular dependencies otherwise.
The bus configuration often also references group names and identities -
are those all local? (I suspect not.)
Alternatively, your NSS configuration might be such that the NSS-backed
library calls that dbus-daemon uses during configuration loading (mainly
getpwuid_r() and getgrnam_r() I think) hit the network even if the
group is configured locally.
> >> - would it be possible to order the dbus start after network is available?
> > In general no, because some ways to get on the network require D-Bus
> > (NetworkManager, ConnMan, wicd), so you would have a circular
> > dependency.
>
> This system is minimal and uses plain old /etc/network/interfaces
Right, so this works *for you*, but it cannot be applied in general.
> > # /etc/systemd/system/dbus.service.d/local.conf
> > [Unit]
> > Wants=network-online.target
> > After=network-online.target
>
> How about suggesting this solution in /usr/share/doc/dbus/README.Debian?
I'd rather not: this is very much an "at own risk, if you are absolutely
sure you know what you are doing" option that can easily cause circular
dependencies. (Much like getting your user and group information from
the network, in fact...)
S
