[systemd-devel] Cannot call GetUnit method with ssh

Bao Nguyen baondt at gmail.com
Sat Mar 2 07:31:06 UTC 2019


Hi Lennart,

Thanks for your information.

I do not use selinux. Could you please show me how to enable dbus log?
I found this thread https://wiki.ubuntu.com/DebuggingDBus, not sure it
works but I'll give it a try.

BTW, last time when I enable systemd debug systemd.log_level=debug, I
found this log

systemd[1]: Got message type=method_call sender=:1.183
destination=org.freedesktop.systemd1 object=/org/freedesktop/systemd1
interface=org.freedesktop.systemd1.Manager member=GetUnit cookie=2
reply_cookie=0 error=n/a
systemd[1]: Sent message type=method_return sender=n/a
destination=:1.183 object=n/a interface=n/a member=n/a cookie=2151
reply_cookie=2 error=n/a

This is when I can ssh successfully, when it fails, the Sent message
(and maybe Got Message as well, sorry I lost the log, I will update
later) has sender and destination is "n/a". Could you please elaborate
on this "n/a", can it lead to the Acess denied"?

And if dbus-daemon refused access to the unit's runtime data, when I
restart dbus, there is no error "Access Denied" anymore. How does
restarting dbus relate with Access Denied? If it is permission, I
guess even restarting dbus, it still meets Access Denied.

Sorry for asking a lot of questions.

Thanks a lot,
Brs,
Naruto

On Fri, Mar 1, 2019 at 5:22 PM Lennart Poettering
<lennart at poettering.net> wrote:
>
> On Do, 28.02.19 18:21, Bao Nguyen (baondt at gmail.com) wrote:
>
> > Hello everyone,
> >
> > I am using systemd 228. When the system starts successfully, I tried
> > to login to my system via ssh with my one of setting users, and I can
> > log in successfully but systemd throws an error message:
> >
> > "Failed to get unit: Access denied"
> >
> > When I trace code of systemd, I found the message thrown from the
> > method call via sdbus. This is one of function I added in systemd
> > source
> >
> >         r = sd_bus_call_method(
> >                         bus,
> >                         "org.freedesktop.systemd1",
> >                         "/org/freedesktop/systemd1",
> >                         "org.freedesktop.systemd1.Manager",
> >                         "GetUnit",
> >                         &error_message,
> >                         &reply_return,
> >                         "s", name_unit);
> >         if (r < 0) {
> >                         return log_errno(r, "Failed to get unit: %s",
> > bus_error_message(&error_message, r));
> >         }
> >
> > But somehow it cannot call GetUnit method from interface
> > org.freedesktop.systemd1.Manager with error "Access denied". Could you
> > please let me know what the error message of this method call means ?
> > Does it relate any to user permission and if any setting permission of
> > user can cause the method called via sdbus can not retrieve unit
> > object path for a unit name during ssh?
>
> This means dbus-daemon or selinux refused access to the unit's runtime
> data.
>
> if it's dbus there might be more info in the dbus logs.
>
> if it's selinux (do you use that?) there might be AVCs...
>
> Lennart
>
> --
> Lennart Poettering, Red Hat


More information about the systemd-devel mailing list