[systemd-devel] Errors in log for "systemctl status" as non-root user

Lennart Poettering lennart at poettering.net
Sun Mar 6 16:44:47 PST 2011


On Sat, 05.03.11 17:35, Andrey Borzenkov (arvidjaar at gmail.com) wrote:

> Mar  5 17:33:44 cooker dbus-daemon: [system] Rejected send message, 2
> matched rules; type="method_call", sender=":1.62" (uid=501 pid=3778
> comm="systemctl status haldaemon.service ")
> interface="org.freedesktop.systemd1.Manager" member="LoadUnit" error
> name="(unset)" requested_reply=0
> destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/bin/systemd
> systemd.unit=multi-user.target "))
> 
> 
> This is logged for every "systemctl status". Well, I do not see what I
> am doing wrong. I guess, systemctl should not attempt to load unit if
> it was asked to just provide status?

systemd tries to minimize what it loads and also automatically unloads
information about unused services. This means that it is very likely
that information is not loaded when the user tries to "systemctl status"
it. However I do believe that it makes sense that this call succeeds
even then, to show meta information that might be relevant even if the
services is not active in any way: the description string of a service
for example, or the file in the file system a service definition was
loaded from.

It would be nice if D-Bus would allow "nowarn" policy rules, but
unfortunately it currently doesn't. 

We could of course add some code to systemctl to skip the LoadUnit call
if we are not run as root, but that would hardcode policy that should be
softcoded in the dbus policy file and nowhere else.

I think if we want to fix this for good, then the dbus policy logic
should gain "nowarn" rules. I.e. this should be fix in dbus, not really
systemd.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.


More information about the systemd-devel mailing list