> The comment at https://github.com/fwupd/fwupd/issues/3037#issuecomment-1100816992 suggests that disabling the DynamicUser= setting makes the service work again. Maybe that's worth a try, in order to get both problems solved? (i.e. shipping an override config for fwupd)
> $ cat /etc/systemd/system/fwupd-refresh.service.d/override.conf
> [Service]
> DynamicUser=no
The whole point of using DynamicUser in this case was so that fwupdmgr didn't run as root when it reached out to the web to get data. Yes, certainly turning off DynamicUser in fwupd-refresh.service will solve the problem, but that is then a different threat vector.
I think if turning off DynamicUser=1, then we probably need to also create a new service account for that systemd service to use.
I'll open a new bug to move this discussion to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1969976
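A check for the trade-off discussed in the comment above, as an added example that is not part of the original comment or of fwupd: it resolves which identity a system service gets from its unit file plus drop-ins, so an override that drops `DynamicUser=` without naming an account is flagged as running as root. The unit text is a constructed stand-in and the account name `fwupd-refresh` is a hypothetical placeholder.

```python
# Added example: which identity does a system service end up running as?
# Constructed stand-in for the unit, not the file fwupd actually ships.
UNIT = """[Service]
Type=oneshot
DynamicUser=yes
ExecStart=/usr/bin/fwupdmgr refresh
"""
# The drop-in quoted in the comment above.
DROPIN_QUOTED = "[Service]\nDynamicUser=no\n"
# Same drop-in plus a dedicated account; "fwupd-refresh" is a hypothetical name.
DROPIN_ACCOUNT = "[Service]\nDynamicUser=no\nUser=fwupd-refresh\n"

TRUE_VALUES = {"1", "yes", "true", "on"}  # systemd boolean spellings


def effective_identity(fragments):
    """fragments: main unit text first, then drop-ins in the order applied.

    Returns "dynamic", "static:<name>" or "root". Only User= and DynamicUser=
    in [Service] are considered, and a system (not --user) unit is assumed.
    """
    settings = {"DynamicUser": "no", "User": ""}
    for text in fragments:
        section = None  # every file starts outside any section
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            elif section == "Service" and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                if key in settings:
                    settings[key] = value  # a later assignment overrides
    if settings["DynamicUser"].lower() in TRUE_VALUES:
        return "dynamic"  # transient unprivileged UID allocated at start
    user = settings["User"]
    if user and user not in ("root", "0"):
        return "static:" + user
    return "root"  # system services run as root unless told otherwise


if __name__ == "__main__":
    for name, extra in [("unit only", []), ("quoted drop-in", [DROPIN_QUOTED]),
                        ("drop-in with account", [DROPIN_ACCOUNT])]:
        print(f"{name}: {effective_identity([UNIT] + extra)}")
```

On a real host, feeding it the fragments shown by `systemctl cat fwupd-refresh.service` gives the same answer for the installed configuration.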