From: Zbigniew Jędrzejewski-Szmek Date: Thu, 14 Nov 2019 13:28:05 +0000 (+0100) Subject: core: do not propagate polkit error to caller X-Git-Tag: v244-rc1~49 X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=commitdiff_plain;h=7edd8fb198f3e8a95677df8a8f5016ed40dcff54 core: do not propagate polkit error to caller If we fail to start polkit, we get a message like "org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer.", which has no meaning for the caller of our StartUnit method. Let's just return -EACCES. $ systemctl start apache Failed to start apache.service: Could not activate remote peer. (before) Failed to start apache.service: Access denied (after) Fixes #13865. --- diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 5fbc55770e1..aea46d31199 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -411,7 +411,8 @@ int bus_verify_polkit_async( e = sd_bus_message_get_error(q->reply); /* Treat no PK available as access denied */ - if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) + if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN) || + sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER)) return -EACCES; /* Copy error from polkit reply */ @@ -422,7 +423,6 @@ int bus_verify_polkit_async( r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}"); if (r >= 0) r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge); - if (r < 0) return r;