[systemd-devel] Errors in log for "systemctl status" as non-root user

Andrey Borzenkov arvidjaar at gmail.com
Tue Mar 8 10:46:13 PST 2011


On Mon, Mar 7, 2011 at 3:44 AM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Sat, 05.03.11 17:35, Andrey Borzenkov (arvidjaar at gmail.com) wrote:
>
>> Mar  5 17:33:44 cooker dbus-daemon: [system] Rejected send message, 2
>> matched rules; type="method_call", sender=":1.62" (uid=501 pid=3778
>> comm="systemctl status haldaemon.service ")
>> interface="org.freedesktop.systemd1.Manager" member="LoadUnit" error
>> name="(unset)" requested_reply=0
>> destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/bin/systemd
>> systemd.unit=multi-user.target "))
>>
>>
>> This is logged for every "systemctl status". Well, I do not see what I
>> am doing wrong. I guess, systemctl should not attempt to load unit if
>> it was asked to just provide status?
>
> systemd tries to minimize what it loads and also automatically unloads
> information about unused services. This means that it is very likely
> that information is not loaded when the user tries to "systemctl status"
> it. However I do believe that it makes sense that this call succeeds
> even then, to show meta information that might be relevant even if the
> service is not active in any way: the description string of a service
> for example, or the file in the file system a service definition was
> loaded from.
>
> It would be nice if D-Bus would allow "nowarn" policy rules, but
> unfortunately it currently doesn't.
>

Maybe non-root should be allowed to LoadUnit unit then? What exact
security implications would it have? Systemd only loads units from
trusted paths anyway?
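
Added example, not part of the original post or of systemd/D-Bus: a small parser for the dbus-daemon "Rejected send message" line quoted above, which counts the expected unprivileged LoadUnit denials separately from any other denied call so the latter are not lost in the noise. The field layout is taken from the quoted line only; the function names and every sample line other than the first are constructed for illustration.

```python
import re
from collections import Counter

# Field layout as it appears in the dbus-daemon line quoted in the post.
REJECT_RE = re.compile(
    r'\[(?P<bus>\w+)\] Rejected send message, (?P<rules>\d+) matched rules; '
    r'type="(?P<type>[^"]*)", sender="(?P<sender>[^"]*)" '
    r'\(uid=(?P<uid>\d+) pid=(?P<pid>\d+) comm="(?P<comm>[^"]*)"\) '
    r'interface="(?P<interface>[^"]*)" member="(?P<member>[^"]*)" '
    r'error name="(?P<error>[^"]*)" requested_reply=(?P<reply>\d+) '
    r'destination="(?P<dest>[^"]*)" '
    r'\(uid=(?P<dest_uid>\d+) pid=(?P<dest_pid>\d+) comm="(?P<dest_comm>[^"]*)"\)'
)

def parse_rejection(line):
    """Return the fields of one 'Rejected send message' line, or None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rules", "uid", "pid", "dest_uid", "dest_pid"):
        rec[key] = int(rec[key])
    return rec

def is_status_probe(rec):
    """The denial discussed in the thread: a non-root LoadUnit call to PID 1."""
    return (rec["interface"] == "org.freedesktop.systemd1.Manager"
            and rec["member"] == "LoadUnit"
            and rec["uid"] != 0 and rec["dest_pid"] == 1)

def triage(lines):
    """Count expected status probes apart from every other denied call."""
    expected, other = Counter(), Counter()
    for line in lines:
        rec = parse_rejection(line)
        if rec is None:
            continue  # not a D-Bus policy rejection
        bucket = expected if is_status_probe(rec) else other
        bucket[(rec["uid"], rec["interface"], rec["member"])] += 1
    return expected, other

_FMT = ('Mar  5 17:33:44 cooker dbus-daemon: [system] Rejected send message, 2 matched rules; '
        'type="method_call", sender=":1.62" (uid=501 pid=3778 comm="systemctl {verb} haldaemon.service ") '
        'interface="org.freedesktop.systemd1.Manager" member="{member}" error name="(unset)" '
        'requested_reply=0 destination="org.freedesktop.systemd1" '
        '(uid=0 pid=1 comm="/bin/systemd systemd.unit=multi-user.target "))')
SAMPLE = [
    _FMT.format(verb="status", member="LoadUnit"),  # the line from the post, unwrapped
    _FMT.format(verb="status", member="LoadUnit"),  # constructed repeat
    _FMT.format(verb="stop", member="StopUnit"),    # constructed: a different denied call
    "Mar  5 17:34:01 cooker sshd[411]: unrelated line",  # constructed, must be skipped
]
```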

