Comment 18 for bug 1438612

Created attachment 114829
system bus: do not allow stopping the system dbus-daemon

There is nothing that prevents D-Bus from stopping very early,
way earlier than all of the Type=dbus services. There is an
attempt to prevent that as systemd implies "After=dbus.socket"
for Type=dbus units, but that doesn't save us: you can't re-start
D-Bus after shutting it down and expect things to just work, as
it loses all of its state.

Putting dbus.service Before basic.target was considered and rejected,
because it's a recipe for cyclic dependencies: as soon as
dbus.service wants to be After anything that is After basic.target
(e.g. NIS and other user databases, or remote filesystems) you
get a cycle. dbus-daemon does not need to start early, it only
needs to stop late.

systemd has a final killing spree before it unmounts the
file systems, which should be sufficient to avoid dbus-daemon
preventing a separate /usr from being unmounted; this does not
consider KillMode. dbus-daemon doesn't need to do anything special
during shutdown, so it's OK that it survives until then.

Based on a suggestion from Michael Biebl and Martin Pitt.

---

How's this? I made the stop command be "echo" instead of "true" so that it leaves a hint in systemctl status if someone tries to stop it by hand.

Unfortunately, "systemctl restart dbus" (which was never supported either) will now start a second dbus-daemon in parallel with the first, and in my testing, the second one will get all new connections. Any ideas for how to avoid that? Perhaps it would be better to make the stop command exit nonzero? ... but then we'd log scary messages during a normal shutdown, which is no better really.