Monitoring D-Bus calls from systemd-run

June 01, 2021 1 minute read

Recently, I was working on a tool that incidentally makes ephemeral units on the systemd user instance to do what one would use atd for on an older system. As part of working on that, I needed to figure out what RPC calls I had to do to add the unit. Attempts to use dbus-monitor or busctl monitor on the session bus failed to find any traffic.

I investigated this by straceing the execution to find it was using some socket /run/user/1000/systemd/private. From some helpful folks on irc in #systemd, I found out that this is some kind of socket using the D-Bus serialization stuff but is not a bus, and thus can't be intercepted (I tried).

The solution to this was to use --machine @.host, which will cause systemd-run to communicate on the session/system D-Bus instances as it is going through the code path to connect to a container but connecting to the host. Thus I got my traffic and could do the same calls myself.