[systemd-devel] StartTransientService problems

[Lennart Poettering]

On Wed, 05.02.14 18:27, Barry Scott (barry.scott at onelan.co.uk) wrote:

> 
> But I am hitting 2 issues:
> 1) We cannot call sched_setscheduler() in spite of the cpu cgroup being setup 
> correctly (e.g. works with systemd-208):
> # grep . /sys/fs/cgroup/cpu/onelan.slice/onelan-screen.slice/cpu.rt*
> /sys/fs/cgroup/cpu/onelan.slice/onelan-
> screen.slice/cpu.rt_period_us:1000000000
> /sys/fs/cgroup/cpu/onelan.slice/onelan-
> screen.slice/cpu.rt_runtime_us:900000000

You need to set RT quota all the way to the top, and of course you still
need privs to get them...

> 
> 2) When I call StartTransientUnit I get a permission error:
> DBusException: org.freedesktop.DBus.Error.AccessDenied: Access to 
> org.freedesktop.systemd1.Manager.StartTransientUnit() not permitted.
> 
> I have the following setup
> (copied from /etc/dbus-1/system.d/org.freedesktop.systemd1.conf):

> # cat /etc/dbus-1/system.d/ONELAN-systemd.conf 
> <?xml version="1.0"?>
> <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 
> 1.0//EN"
>     "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> 
> <busconfig>
>         <policy user="onelan">
>                 <allow own="org.freedesktop.systemd1"/>

Nope, you user shouldn't get the right to own systemd's name, only
systemd should be able to do that...

> 
>                 <!-- Onelan clients can do everything -->
>                 <allow send_destination="org.freedesktop.systemd1"/>
>                 <allow receive_sender="org.freedesktop.systemd1"/>
> 
>                 <!-- systemd may receive activator requests -->
>                 <allow receive_interface="org.freedesktop.systemd1.Activator"
>                        receive_member="ActivationRequest"/>

The activator stuff is between systemd and dbus-daemon, nothing else
should have that.

Please check the man page regarding the dbus policy language.

Lennart

-- 
Lennart Poettering, Red Hat