[Bug 1969976] Re: DynamicUser=1 doesn't get along with services that need dbus-daemon

Mario Limonciello 1969976 at bugs.launchpad.net
Mon Apr 25 20:27:58 UTC 2022 

OK, so upstream here is what we have done (pretty much your suggested
W/A).

main:
https://github.com/fwupd/fwupd/commit/7b0d6bc6e03381544e3fb1836c177d492c9d0bbc
https://github.com/fwupd/fwupd/commit/e90b04d7319874db36c06245ab07858589ce8bc8
https://github.com/fwupd/fwupd/commit/f818404d817f6f36699807424cd1d9b84c9be752

backported to 1_7_X (which can SRU to Ubuntu):
https://github.com/fwupd/fwupd/commit/e6ea2916b1f7e1b26eefd6e2e762a9a26492ffaa
https://github.com/fwupd/fwupd/commit/3c72bcc181470c5a9f1f01fbd9826fa6f7e37cc1
https://github.com/fwupd/fwupd/commit/7bb2f00ca96fb23f7de88c64353916436b2504bb

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1969976

Title:
  DynamicUser=1 doesn't get along with services that need dbus-daemon

Status in Fwupd:
  Fix Released
Status in systemd:
  New
Status in fwupd package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New
Status in fwupd source package in Focal:
  New
Status in systemd source package in Focal:
  New
Status in fwupd source package in Impish:
  New
Status in systemd source package in Impish:
  New
Status in fwupd source package in Jammy:
  New
Status in systemd source package in Jammy:
  New

Bug description:
  Updating to systemd 245.4-4ubuntu3.16 has caused a regression in
  Ubuntu 20.04, that fwupd-refresh.service always fails to run.

  This has been root caused down to the changes in
  https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538

  Unfortunately this is an upstream issue introduced by stable systemd.
  https://github.com/systemd/systemd/issues/22737

  The problem also occurs in Ubuntu 22.04 with a newer systemd release.
  As discussed in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538/comments/61 it's a tradeoff of issues.  So within Ubuntu something probably needs to be done about fwupd-refresh.service.

  One proposal is to remove DynamicUser=yes from the systemd unit, but
  this will mean fwupdgmr refresh runs as root.  It's relatively
  sandboxed by other security mechanisms, but still not ideal.  Could we
  repurpose any other service account?  Or alternatively we can make a
  new fwupd service account that this systemd unit uses.

To manage notifications about this bug go to:
https://bugs.launchpad.net/fwupd/+bug/1969976/+subscriptions

More information about the foundations-bugs mailing list