zyga
commented
4 years ago @jhenstridge do you think we could make it better for core 20 (one less bind mount)?
Closed jhenstridge closed 4 years ago
zyga
commented
4 years ago @jhenstridge do you think we could make it better for core 20 (one less bind mount)?
This supercedes for PR #98, and is intended for use by https://github.com/snapcore/snapd/pull/6258
In order to have dbus-daemon look for service activation files under
/var/lib/snapd, we need to drop configuration fragments into/etc/dbus-1/session.dand/etc/dbus-1/system.d. The latter was already writable so the dbus interface can poke holes in the system bus security policy, but the former was not.I've simply added the
session.ddirectory here, but an alternative would be to simply make all of/etc/dbus-1writable, which would save a bind mount. The downside of that is that on transition the/etc/dbus-1/session.ddirectory might go missing. That is unlikely to cause problems though because:Ubuntu Core devices don't tend to run a session bus.
dbus-daemon's configuration file parser does not treat a missing
<includedir>as an error: https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/config-parser.c#L2478