[Pkg-utopia-maintainers] Bug#859451: dbus: error messages on boot for systems with NSS LDAP
Simon McVittie
smcv at debian.org
Mon Apr 3 18:21:39 UTC 2017
Control: tags -1 + wontfix
On Mon, 03 Apr 2017 at 19:35:36 +0200, Laurent Bonnaud wrote:
> - does dbus really need to query the NSS databases on boot?
Yes: if any user or group mentioned in /etc/dbus/system.d/
comes from LDAP, then it needs to know who they are.
I would not recommend using non-local NSS without some sort of cache
(unscd, nss-updatedb or sssd), and doubly so if system users are in LDAP.
Unfortunately, many commonly-used packages (e.g. BlueZ) still use the
firewall-style policies found in /etc/dbus/system.d/ for group-based
access control, instead of letting all users communicate with the
service and then doing their own authorization via polkit (like
NetworkManager does).
> - would it be possible to order the dbus start after network is available?
In general no, because some ways to get on the network require D-Bus
(NetworkManager, ConnMan, wicd), so you would have a circular
dependency.
If you don't use any of those, then you can configure this locally
by creating /etc/systemd/system/dbus.service.d/local.conf containing
something like this (untested and quite possibly wrong, see systemd
documentation):
[Unit]
Wants=network-online.target
After=network-online.target
Regards,
S
More information about the Pkg-utopia-maintainers
mailing list