Hi All,
I would like to receive some clarity on the following commit in systemd
(https://github.com/systemd/systemd/commit/def9a7aa0182e5ecca3ac61b26f75136a5c4f103).
I was trying to run an application as non-root.
Currently, I am facing an issue that I am not able to make a "busctl call" from
a non-root user to a D-Bus service running as root.
Example:
1. Create a non-root user using the useradd command.
2. The following is exposed by a daemon running as root:
     service - xyz.openbmc_project.xxxx
     objectpath - /xyz/openbmc_project/xxxx/get_data
     interface - xyz.openbmc_project.GetData
     method - getData
3. From PuTTY, log in to the BMC console and, using "su nonrootuser", switch to
   the non-root user.
4. Run the following command:
     busctl call xyz.openbmc_project.xxxx /xyz/openbmc_project/xxxx/get_data xyz.openbmc_project.GetData getData
   and we get the response "Call Failed: Access denied".
On investigation, the 'Access Denied' failure response was coming from the systemd
recipe.
From file systemd\src\libsystemd\sd-bus\bus-convenience.c,
method_callbacks_run->check_access fails.
In the case of root, check_access->sd_bus_query_sender_privilege returns 1 because
of the following condition:
    if (sender_uid == our_uid)
            return 1;
In the case of non-root, the check_access->sd_bus_query_sender_privilege function
returns 0.
I would like to understand how "return 1" can be achieved from the
sd_bus_query_sender_privilege function.
Specifically, the below-mentioned "return 1":
    r = sd_bus_creds_has_effective_cap(creds, capability);
    if (r > 0)
            return 1;
From your commit message, I can see that polkit has some role here. But I am new
to polkit, and any help would be appreciated 😊
Regards,
Arun Lal K M
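
An added example, not part of the original message and not systemd's code: a stand-alone C model of the two "return 1" conditions quoted above, evaluated over constructed /proc/<pid>/status samples for a root caller, a plain non-root caller, and a non-root caller that holds the capability. The function names, the sample data and the choice of capability 21 (CAP_SYS_ADMIN in <linux/capability.h>) are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXAMPLE_CAP 21 /* CAP_SYS_ADMIN in <linux/capability.h>; chosen for the example */

/* Constructed samples in /proc/<pid>/status format (all four Uid fields equal). */
static const char ROOT_STATUS[] = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char USER_STATUS[] = "Uid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\n";
static const char CAP_STATUS[]  = "Uid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000200000\n";

/* Find "<key>:" at the start of a line and parse the first number after it. */
static int parse_field(const char *status, const char *key, int base, uint64_t *out) {
    size_t klen = strlen(key);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') {
            const char *val = line + klen + 1;
            char *end;
            *out = strtoull(val, &end, base);
            return end == val ? -1 : 0;   /* -1: no digits after the key */
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;                            /* key not present */
}

/* Hypothetical model: 1 = privileged, 0 = not privileged, -1 = bad input. */
static int model_sender_privilege(const char *sender_status, uint64_t our_uid, int capability) {
    uint64_t sender_uid, cap_eff;
    if (capability < 0 || capability > 63)
        return -1;
    if (parse_field(sender_status, "Uid", 10, &sender_uid) < 0 ||
        parse_field(sender_status, "CapEff", 16, &cap_eff) < 0)
        return -1;
    if (sender_uid == our_uid)                   /* same-UID condition from the post */
        return 1;
    if (cap_eff & (UINT64_C(1) << capability))   /* effective-capability condition */
        return 1;
    return 0;
}

int main(void) {
    printf("root caller, root service:       %d\n", model_sender_privilege(ROOT_STATUS, 0, EXAMPLE_CAP));
    printf("non-root caller, root service:   %d\n", model_sender_privilege(USER_STATUS, 0, EXAMPLE_CAP));
    printf("non-root caller with capability: %d\n", model_sender_privilege(CAP_STATUS, 0, EXAMPLE_CAP));
    return 0;
}
```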