Ubuntu
gnome-initial-setup package

SetLocale and SetX11Keyboard auto-denied on Ubuntu

Bug #2101934 reported by Matthew Hagemann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnome-initial-setup (Ubuntu)
New
Undecided
Unassigned

Bug Description

I kept seeing dbus-daemon denials in the journal while testing setting the system locale via Gnome Initial Setup:

```
dbus-daemon[971]: [system] Rejected send message, 3 matched rules; type="method_call", sender=":1.112" (uid=118 pid=2985 comm="/usr/libexec/gnome-initial-setup" label="unconfined") interface="org.freedesktop.locale1" member="SetLocale" error name="(unset)" requested_reply="0" destination=":1.104" (uid=0 pid=2926 comm="/usr/lib/systemd/systemd-localed" label="unconfined")
```

Digging in further I came across this configuration for dbus:

```
cat /usr/share/dbus-1/system.d/systemd-localed-read-only.conf
<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
        "https://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">

<!--
On Debian and derivatives keymap/locales/etc are not set via localed,
but from legacy and incompatible components. But we still need to
enable localed so that GNOME can query it. Ensure not even root can
use it to modify the settings.
-->

<busconfig>
        <policy user="root">
                <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetLocale"/>
                <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetVConsoleKeyboard"/>
                <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetX11Keyboard"/>
        </policy>
        <policy context="default">
                <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetLocale"/>
                <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetVConsoleKeyboard"/>
                <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetX11Keyboard"/>
        </policy>
</busconfig>
```

Looking back through the logs, and from testing, SetX11Keyboard is also being denied.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.