Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Lennart,
Thanks for your information.
I do not use selinux. Could you please show me how to enable dbus log?
I found this thread https://wiki.ubuntu.com/DebuggingDBus, not sure it
works but I'll give it a try.
BTW, last time when I enable systemd debug systemd.log_level=debug, I
found this log
systemd[1]: Got message type=method_call sender=:1.183
destination=org.freedesktop.systemd1 object=/org/freedesktop/systemd1
interface=org.freedesktop.systemd1.Manager member=GetUnit cookie=2
reply_cookie=0 error=n/a
systemd[1]: Sent message type=method_return sender=n/a
destination=:1.183 object=n/a interface=n/a member=n/a cookie=2151
reply_cookie=2 error=n/a
This is when I can ssh successfully, when it fails, the Sent message
(and maybe Got Message as well, sorry I lost the log, I will update
later) has sender and destination is "n/a". Could you please elaborate
on this "n/a", can it lead to the Acess denied"?
And if dbus-daemon refused access to the unit's runtime data, when I
restart dbus, there is no error "Access Denied" anymore. How does
restarting dbus relate with Access Denied? If it is permission, I
guess even restarting dbus, it still meets Access Denied.
Sorry for asking a lot of questions.
Thanks a lot,
Brs,
Naruto
On Fri, Mar 1, 2019 at 5:22 PM Lennart Poettering
wrote:
>
> On Do, 28.02.19 18:21, Bao Nguyen (bao...@gmail.com) wrote:
>
> > Hello everyone,
> >
> > I am using systemd 228. When the system starts successfully, I tried
> > to login to my system via ssh with my one of setting users, and I can
> > log in successfully but systemd throws an error message:
> >
> > "Failed to get unit: Access denied"
> >
> > When I trace code of systemd, I found the message thrown from the
> > method call via sdbus. This is one of function I added in systemd
> > source
> >
> > r = sd_bus_call_method(
> > bus,
> > "org.freedesktop.systemd1",
> > "/org/freedesktop/systemd1",
> > "org.freedesktop.systemd1.Manager",
> > "GetUnit",
> > _message,
> > _return,
> > "s", name_unit);
> > if (r < 0) {
> > return log_errno(r, "Failed to get unit: %s",
> > bus_error_message(_message, r));
> > }
> >
> > But somehow it cannot call GetUnit method from interface
> > org.freedesktop.systemd1.Manager with error "Access denied". Could you
> > please let me know what the error message of this method call means ?
> > Does it relate any to user permission and if any setting permission of
> > user can cause the method called via sdbus can not retrieve unit
> > object path for a unit name during ssh?
>
> This means dbus-daemon or selinux refused access to the unit's runtime
> data.
>
> if it's dbus there might be more info in the dbus logs.
>
> if it's selinux (do you use that?) there might be AVCs...
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Hi Mantas,
Thanks for our reply.
No, my /usr has not any special setup, it is already in initrd.
Brs,
Naruto
On Fri, Mar 1, 2019 at 4:33 PM Mantas Mikulėnas wrote:
>
> Does your system have any sort of special setup for /etc or /usr?
>
> It sounds very much like /usr is on a separate filesystem that's not yet
> mounted at the time of system boot, so dbus-daemon cannot find its
> configuration at that time. When /usr is separate, it must be pre-mounted by
> the initramfs.
>
> On Thu, Feb 28, 2019 at 1:28 PM Bao Nguyen wrote:
>>
>> Hi again,
>>
>> Just would like to update that when i restart dbus service, the issue does
>> not happen.
>>
>> Brs,
>> Bao
>>
>> On Thu, Feb 28, 2019 at 6:21 PM Bao Nguyen wrote:
>>>
>>> Hello everyone,
>>>
>>> I am using systemd 228. When the system starts successfully, I tried
>>> to login to my system via ssh with my one of setting users, and I can
>>> log in successfully but systemd throws an error message:
>>>
>>> "Failed to get unit: Access denied"
>>>
>>> When I trace code of systemd, I found the message thrown from the
>>> method call via sdbus. This is one of function I added in systemd
>>> source
>>>
>>> r = sd_bus_call_method(
>>> bus,
>>> "org.freedesktop.systemd1",
>>> "/org/freedesktop/systemd1",
>>> "org.freedesktop.systemd1.Manager",
>>> "GetUnit",
>>> _message,
>>> _return,
>>> "s", name_unit);
>>> if (r < 0) {
>>> return log_errno(r, "Failed to get unit: %s",
>>> bus_error_message(_message, r));
>>> }
>>>
>>> But somehow it cannot call GetUnit method from interface
>>> org.freedesktop.systemd1.Manager with error "Access denied". Could you
>>> please let me know what the error message of this method call means ?
>>> Does it relate any to user permission and if any setting permission of
>>> user can cause the method called via sdbus can not retrieve unit
>>> object path for a unit name during ssh?
>>>
>>> Thanks a lot,
>>> Brs,
>>> Naruto
>>
>> ___
>> systemd-devel mailing list
>> systemd-devel@lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
>
>
> --
> Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
On Do, 28.02.19 18:21, Bao Nguyen (bao...@gmail.com) wrote:
> Hello everyone,
>
> I am using systemd 228. When the system starts successfully, I tried
> to login to my system via ssh with my one of setting users, and I can
> log in successfully but systemd throws an error message:
>
> "Failed to get unit: Access denied"
>
> When I trace code of systemd, I found the message thrown from the
> method call via sdbus. This is one of function I added in systemd
> source
>
> r = sd_bus_call_method(
> bus,
> "org.freedesktop.systemd1",
> "/org/freedesktop/systemd1",
> "org.freedesktop.systemd1.Manager",
> "GetUnit",
> _message,
> _return,
> "s", name_unit);
> if (r < 0) {
> return log_errno(r, "Failed to get unit: %s",
> bus_error_message(_message, r));
> }
>
> But somehow it cannot call GetUnit method from interface
> org.freedesktop.systemd1.Manager with error "Access denied". Could you
> please let me know what the error message of this method call means ?
> Does it relate any to user permission and if any setting permission of
> user can cause the method called via sdbus can not retrieve unit
> object path for a unit name during ssh?
This means dbus-daemon or selinux refused access to the unit's runtime
data.
if it's dbus there might be more info in the dbus logs.
if it's selinux (do you use that?) there might be AVCs...
Lennart
--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Cannot call GetUnit method with ssh
Does your system have any sort of special setup for /etc or /usr?
It sounds very much like /usr is on a separate filesystem that's not yet
mounted at the time of system boot, so dbus-daemon cannot find its
configuration at that time. When /usr is separate, it must be pre-mounted
by the initramfs.
On Thu, Feb 28, 2019 at 1:28 PM Bao Nguyen wrote:
> Hi again,
>
> Just would like to update that when i restart dbus service, the issue does
> not happen.
>
> Brs,
> Bao
>
> On Thu, Feb 28, 2019 at 6:21 PM Bao Nguyen wrote:
>
>> Hello everyone,
>>
>> I am using systemd 228. When the system starts successfully, I tried
>> to login to my system via ssh with my one of setting users, and I can
>> log in successfully but systemd throws an error message:
>>
>> "Failed to get unit: Access denied"
>>
>> When I trace code of systemd, I found the message thrown from the
>> method call via sdbus. This is one of function I added in systemd
>> source
>>
>> r = sd_bus_call_method(
>> bus,
>> "org.freedesktop.systemd1",
>> "/org/freedesktop/systemd1",
>> "org.freedesktop.systemd1.Manager",
>> "GetUnit",
>> _message,
>> _return,
>> "s", name_unit);
>> if (r < 0) {
>> return log_errno(r, "Failed to get unit: %s",
>> bus_error_message(_message, r));
>> }
>>
>> But somehow it cannot call GetUnit method from interface
>> org.freedesktop.systemd1.Manager with error "Access denied". Could you
>> please let me know what the error message of this method call means ?
>> Does it relate any to user permission and if any setting permission of
>> user can cause the method called via sdbus can not retrieve unit
>> object path for a unit name during ssh?
>>
>> Thanks a lot,
>> Brs,
>> Naruto
>>
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
