[systemd-devel] systemctl as non-root
Aaron_Wright at selinc.com
Aaron_Wright at selinc.com
Fri May 29 09:13:06 PDT 2015
> > I compiled systemd without dbus support (--disable-dbus), and there is
no
> > dbus daemon or dbus lib on the system. Is that a requirement to get
the
> > functionality I want? I didn't see much need for dbus as the system
works
> > quite well without it. Well, except for this of course.
>
> systemd will always use D-Bus (the protocol) for IPC, that's not
> optional, and you cannot turn it off neither during build-time nor
> during runtime. systemd does not use libdbus to implement this
> however, but instead it uses its own D-Bus client implementation,
> dubbed "sd-bus", which is going to be a public API with the next
> systemd release.
>
> Optional however is whether dbus-daemon (the daemon) is used as for
> IPC, or if all dbus IPC takes place only between systemd and its
> clients via direct AF_UNIX connections, without the central bus
> concept. We support this mode mostly to cover for the early-boot phase
> where dbus-daemon is not running yet, and hence cannot be used for
> communication. Running in this mode even during normal operation is
> supported, but not recommended (which is why the README says: "dbus is
> strictly speaking optional, but recommended").
>
> The direct AF_UNIX communication is available exclusively for
> privileged clients. Normally it's the duty of dbus-daemon to enforce
> more complex policy on dbus1 systems. If you take dbus-daemon out of
> the equation however, then this policy component will be missing, and
> hence systemd refuses to talk to any unprivileged clients.
>
> Long story short: you cannot avoid dbus IPC really. Please use
> dbus-daemon, it's recommended. If you choose not to anyway, then you
> will not have access to systemd's APIs from unprivileged APIs.
Well, that clears that up. Thanks for the detailed responses. Given my
product's embedded nature, I'm trying to run a minimal systemd, as I've
mentioned before. This has, of course, caused me to run into lots of
issues of my own making. So thanks for bearing with me.
I'd like to do without yet another daemon, dbus-daemon, on the system, so
I'll work around the non-root systemctl access, which isn't too hard my
specific situation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150529/376d44f9/attachment.html>
More information about the systemd-devel
mailing list