[systemd-devel] keyrings and dbus
Simon McVittie
smcv at collabora.com
Wed Jun 12 16:18:46 UTC 2019
On Wed, 12 Jun 2019 at 18:34:30 +0300, Andrei Borzenkov wrote:
> Technically this is probably correct - session keyring lifetime is
> exactly that - session, and systemd-user lifetime is independent of
> individual (GUI) login session lifetime. But then D-Bus should not be
> started inside systemd-user "session", because lifetime of D-Bus user
> instance is supposed to be the same as user login session.
If you want the lifetime of the D-Bus session bus `dbus-daemon --session`
to be the same as a single graphical login session, either don't configure
it with --enable-user-session, or don't install its systemd user units
(packaged separately as dbus-user-session in Debian and its derivatives).
The scope of the D-Bus session bus is an OS integrator choice. It can
either be the same as a single login session, or the same as `systemd
--user`, but it cannot be both.
Of course, if its scope is the same as a single login session, then you
can't use it to communicate with `systemd --user` or use it from user
services, because they would be outside its scope.
> Or D-Bus
> needs explicit support for passing session keyring information when
> invoking user service that is part of user login session.
systemd user services are not part of a particular login session. They
exist outside all login sessions (look at systemd-cgls).
If you configure dbus with --enable-user-session, then D-Bus session
services are not part of a particular login session either.
It's your choice - but you can't have it both ways. The dbus-daemon
can't be both inside a login session, and shared between login sessions.
smcv
More information about the systemd-devel
mailing list