DBus socket not accessible by non-root users

[WhyNotHugo]

Hi! I'm writing a tiny daemon to make this scheduler work with swaywm. That is, when the currently focused window changes, call SetForeground(u32).

Regrettably, it seems that non-root users cannot access the com.system76.Scheduler bus. I used d-feet to try and use it interactively, and get:

org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message (9)

Isn't this method intended to be called by the desktop user? Am I missing something?

[mjakeman]

Hi, I'm also experiencing this issue as part of my attempt at a standalone shell extension. As it's effectively the same implementation as pop-shell, I'm wondering if this is an issue with my extension rather than the scheduler itself.

As a temporary workaround, I edited the policy in /etc/dbus-1/system.d/com.system76.Scheduler.conf, although this naturally isn't ideal.

...
<policy context="default">
    <allow send_destination="com.system76.Scheduler"/>
    <allow receive_sender="com.system76.Scheduler"/>
</policy>
...

Would greatly appreciate some clarification on proper usage.

[mmstick]

I'll add a fix for this alongside the existing PR

[mmstick]

Technically you only have to be part of the sudo/adm group right now.

[mmstick]

You can install from the scheduler branch to have the updated policy.

[WhyNotHugo]

Inspecting into internals and setpriority a bit more, it seems you don't actually need to run as root in order to change a process's priority.

So maybe it's best to run this portion of the service as a user service (and use the session dbus instead of the system one); it would suppress the need for the privileged API and having to handle permissions, etc.

[mmstick]

Root is required to set negative priorities. User accounts can only set 0 and above.

[mjakeman]

Hi, I'm encountering an issue with the new policy in #13.

The service is now failing to start with the following error:

org.freedesktop.DBus.Error.AccessDenied: Request to own name refused by policy

By adding back the <allow own="..."> tag to the root user, everything works correctly.

<!DOCTYPE busconfig PUBLIC
          "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
          "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
    <policy context="default">
        <allow send_destination="com.system76.Scheduler"/>
        <allow receive_sender="com.system76.Scheduler"/>
    </policy>
    <policy user="root">
        <allow own="com.system76.Scheduler"/>
        <allow send_destination="com.system76.Scheduler"/>
        <allow receive_sender="com.system76.Scheduler"/>
    </policy>
</busconfig>

For reference, here is the full output from systemctl status:

Feb 23 14:41:54 matthew-s systemd[1]: Starting com.system76.Scheduler.service - Automatically configure CPU scheduler for responsiveness on AC...
Feb 23 14:41:54 matthew-s system76-scheduler[4528]: Error: org.freedesktop.DBus.Error.AccessDenied: Request to own name refused by policy
Feb 23 14:41:54 matthew-s system76-scheduler[4528]: Caused by:
Feb 23 14:41:54 matthew-s system76-scheduler[4528]:     org.freedesktop.DBus.Error.AccessDenied: Request to own name refused by policy
Feb 23 14:41:54 matthew-s systemd[1]: com.system76.Scheduler.service: Main process exited, code=exited, status=1/FAILURE
Feb 23 14:41:54 matthew-s systemd[1]: com.system76.Scheduler.service: Failed with result 'exit-code'.
Feb 23 14:41:54 matthew-s systemd[1]: Failed to start com.system76.Scheduler.service - Automatically configure CPU scheduler for responsiveness on AC.

[KyleGospo]

Seeing the issue above here as well, can confirm their solution.