Thank you very much Mantas, it works like a charm. I modified my configuration file and it looks like that now: ``` <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";> <busconfig> <policy user="root"> <allow own="net.poettering.Calculator" /> <allow send_destination="*" /> <allow send_type="*" /> <allow send_interface="*" /> </policy> </busconfig> ```
Regards Yves Le mar. 19 oct. 2021 à 17:55, Mantas Mikulėnas <graw...@gmail.com> a écrit : > On Tue, Oct 19, 2021, 18:29 yves baumes <ybau...@gmail.com> wrote: > >> Hello, >> >> First I am not sure it is the correct place to ask questions about lib >> sd-bus. Is it? Here is my issues: >> >> I am trying to use the lib sd-bus, following this blog post: >> http://0pointer.net/blog/the-new-sd-bus-api-of-systemd.html . >> >> I am able to launch my own service on the *user* bus. >> When I launch it on the *system* bus, problems appear. >> First I had a permission denied issue, and to correct it I had to create >> a configuration file in /etc/dbus-1/system.d/net.poettering.Calculator.conf >> . As stated in >> https://stackoverflow.com/questions/32828468/sd-bus-api-sd-bus-request-name-returns-permission-denied >> . >> Thus the executable launches perfectly (no more 'permission denied' >> errors). >> > > This is normal as the system bus is "deny everything by default", to make > sure unprivileged users can't impersonate a service. > > >> Now I am trying to inspect the service with D-feet. The service is well >> listed on the left pane: net.poettering.Calculator, but when I click on it, >> I get an error window stating : >> 'net.poettering.Calculator: g-dbus-error-quark: >> GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, >> 1 matched rules; type="method_call", sender=":-1.1996" (uid=1000 >> pid=3110822 comm="/usr/bin/python3 /usr/bin/d-feet" label"unconfined") >> interface="org.freedesktop.DBus.Introspectable" member="Introspect" error >> name ="(unset)" requested_reply="0" destination=net.poettering.Calculator" >> (uid=0 pid=3110595 comm="./-bus-service" label="unconfined")(9)' . >> > > This also means you need to allow things in the dbus-daemon policy. Not > only does the service need permissions to claim a name, but everyone also > needs permissions to send it messages (and receive replies). > > In many cases you can copy a basic policy that just allows everything from > any UID to your service (possibly still limited by interface), like how > UDisks2.conf does it. >
