We have to see, we have to know...

Lately, I wanted debug a problem with NetworkManager. As this service communicates via DBUS I wanted to intercept all traffic on the bus to see what happens there.

But it appears that even root doesn't have the authority to sniff the DBUS by default. In my opinion, this is a very strange default setting and makes troubleshooting unneccesarily difficult. I understand that the system bus is well-protected, but there is no extra security in disallowing root this privilege.

I tried various "solutions" I found on google, but the only thing that worked for me is to completely disable the DBUS security policy (temporarily), replacing the <policy> in /etc/dbus/system.conf with:

  <policy context="default">
    <!-- All users can connect to system bus -->
    <allow user="*"/>
    <!-- Allow everything to be sent -->
    <allow send_destination="*" eavesdrop="true"/>
    <!-- Allow everything to be received -->
    <allow eavesdrop="true"/>
    <!-- Allow anyone to own anything -->
    <allow own="*"/>
  </policy>

I also had to comment out the following, which loads a special permissions file for each installed application.

  <includedir>system.d</includedir>

A system restart was needed after this, after which I was finally able to see everything on the system bus. Be very careful about making changes to the system bus, because the entire system is dependent on it these days (Keyboard and mouse did not work inside X anymore after making a wrong change).

After changing the security policy, you will see everything with the following command

 dbus-monitor --system 
Don't do this if more people can log in to your host (and access services bound on localhost), as they'll have a way to do bad stuff™. Don't forget to re-enable the security afterwards, it's there for good reason.

Written on May 11, 2010
Filed under