Am 21.11.18 um 18:03 schrieb Simon McVittie: > Real solution: > >> ===File /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf=== > ... >> <busconfig> > ... >> <policy context="default"> >> <deny send_destination="org.freedesktop.systemd1"/> > > org.freedesktop.systemd-shim.conf should not have this Deny line. It's > redundant with the implicit default-deny in system.conf, and is going to > break the file installed by the real systemd. > > systemd should perhaps mitigate this bug for buster by moving its bus > configuration from /usr/share/dbus-1 back into /etc/dbus-1, and choosing > a filename that is higher precedence than systemd-shim's. (Sorry, I don't > immediately know whether that means earlier or later in ASCII order.)
The problem is, this file
/etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf was removed from
systemd-shim a long time ago
systemd-shim (8-4) unstable; urgency=medium
* Drop the dbus policy entirely from this package, as discussed in bug
#765101; since the security policy should always be in sync with
systemd's, and since the systemd package ships both logind (the consumer
of systemd-shim) and this dbus policy, there's no reason to ship this
separately rather than relying on the systemd copy.
-- Steve Langasek <vor...@debian.org> Wed, 22 Oct 2014 04:29:44 +0000
I'm not sure, why Francesco still had this file around, as there is a
.maintscript file in systemd-shim which was supposed to clean that up:
$ cat debian/systemd-shim.maintscript
rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd1.conf 6-2
systemd-shim
rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf 8-4
systemd-shim
So I can only guess, that Francesco had removed, but not purged the
package before the 8-4 update.
Changing systemd to move the dbus policy file back to /etc/ seems like a
workaround, which we could never get rid off, as there might always be
users who removed but not purged the package before 8-4.
I guess the only sensible thing we can do at this point if we let the
systemd package itself clean up this mess, and remove
/etc/dbus-1/system.d/org.freedesktop.systemd1.conf
either via systemd.maintscript or just a simple rm -f in postinst.
I'm aware this is not 100% policy compliant, but I can't think of a
better solution atm.
WDYT?
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
