First I'd like to question if the dbus code is needed? A quick debian
codesearch shows no other usages:
https://codesearch.debian.net/search?q=app%5C.apt

Do we need to check if dbus is running or is it sufficient to simply
try silently via:

if which dbus-send >/dev/null 2>&1; then
    if dbus-send --system / app.apt.dbus.updated boolean:true >
/dev/null 2>&1; then

Kindly Regards,
    Christian Göttsche

2016-12-30 21:43 GMT+01:00 David Kalnischkies <da...@kalnischkies.de>:
> Control: severity -1 wishlist
>
> On Thu, Dec 29, 2016 at 12:22:02PM +0100, cgzones wrote:
>> The script '/usr/lib/apt/apt.systemd.daily' uses 'pidof dbus-daemon'
>> to check whether dbus is running and whether to send a message.
>> With SELinux enabled this causes avc denials like:
> […]
>> I do not like to grant apt these permissions but I also want apt to
>> announce an update to dbus,
>> so can you rework the dbus check?
>
> Perhaps. Given you are the first person in 8 years to complain about
> this (#438803) perhaps you have also an idea how as I have neither
> a SELinux setup nor know what you would deem acceptable.
>
> (truth be told, I don't even use that cron job, so I am not going to be
> available for review above very trivial changes and even that…)
>
> I guess we could use (pseudo code) "if systemd; then systemctl is-active
> dbus; else pidof dbus; fi" but that would really need someone to verify
> that this has the intended result (and is available in your setup).
>
>
> Best regards
>
> David Kalnischkies

Reply via email to