[Bug 1969976] Re: DynamicUser=1 doesn't get along with services that need dbus-daemon

imker 1969976 at bugs.launchpad.net
Tue Aug 9 18:54:24 UTC 2022 

I think Eric has a good point. Why this fix is not ported back to Jammy?
Jammy is a LTS Version so this service won't work for the next two years
if the fix gets not back ported for all who stick to LTS for whatever
reason.

This is then from my point of view also a security issue, since if this service is not running no firmware updates will be installed for several devices automatically. Since this is what this service is supposed to do and FW updates may also fix security issues. 
But the user thinks this service is there and doing it's job. Since from my experience most users never check if all the services are up and running fine as long as there is no unexpected behavior.
So the user will also not manually check for FW updates, he believes the service does.

And this service does not start on any Ubuntu installation at the
moment!

Also Focal needs this fix, since it is still supported for two more
years. So can you please explain?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1969976

Title:
  DynamicUser=1 doesn't get along with services that need dbus-daemon

Status in Fwupd:
  Fix Released
Status in systemd:
  New
Status in fwupd package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Won't Fix
Status in fwupd source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Won't Fix
Status in fwupd source package in Impish:
  Won't Fix
Status in systemd source package in Impish:
  Won't Fix
Status in fwupd source package in Jammy:
  Confirmed
Status in systemd source package in Jammy:
  Won't Fix

Bug description:
  Updating to systemd 245.4-4ubuntu3.16 has caused a regression in
  Ubuntu 20.04, that fwupd-refresh.service always fails to run.

  This has been root caused down to the changes in
  https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538

  Unfortunately this is an upstream issue introduced by stable systemd.
  https://github.com/systemd/systemd/issues/22737

  The problem also occurs in Ubuntu 22.04 with a newer systemd release.
  As discussed in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538/comments/61 it's a tradeoff of issues.  So within Ubuntu something probably needs to be done about fwupd-refresh.service.

  One proposal is to remove DynamicUser=yes from the systemd unit, but
  this will mean fwupdgmr refresh runs as root.  It's relatively
  sandboxed by other security mechanisms, but still not ideal.  Could we
  repurpose any other service account?  Or alternatively we can make a
  new fwupd service account that this systemd unit uses.

To manage notifications about this bug go to:
https://bugs.launchpad.net/fwupd/+bug/1969976/+subscriptions

More information about the foundations-bugs mailing list