First I'd like to question if the dbus code is needed? A quick debian codesearch shows no other usages: https://codesearch.debian.net/search?q=app%5C.apt
Do we need to check if dbus is running or is it sufficient to simply try silently via: if which dbus-send >/dev/null 2>&1; then if dbus-send --system / app.apt.dbus.updated boolean:true > /dev/null 2>&1; then Kindly Regards, Christian Göttsche 2016-12-30 21:43 GMT+01:00 David Kalnischkies <da...@kalnischkies.de>: > Control: severity -1 wishlist > > On Thu, Dec 29, 2016 at 12:22:02PM +0100, cgzones wrote: >> The script '/usr/lib/apt/apt.systemd.daily' uses 'pidof dbus-daemon' >> to check whether dbus is running and whether to send a message. >> With SELinux enabled this causes avc denials like: > […] >> I do not like to grant apt these permissions but I also want apt to >> announce an update to dbus, >> so can you rework the dbus check? > > Perhaps. Given you are the first person in 8 years to complain about > this (#438803) perhaps you have also an idea how as I have neither > a SELinux setup nor know what you would deem acceptable. > > (truth be told, I don't even use that cron job, so I am not going to be > available for review above very trivial changes and even that…) > > I guess we could use (pseudo code) "if systemd; then systemctl is-active > dbus; else pidof dbus; fi" but that would really need someone to verify > that this has the intended result (and is available in your setup). > > > Best regards > > David Kalnischkies