Props to @chrisawi for hitting at what seems to be the solution!! I haven’t completely tested it - unrelated issues with my release pipeline - but the API I’m using bears this out.
As the C API docs indicate, the sdbus API treats methods on the system bus as “privileged” by default, and requires that unprivileged methods are explicitly marked as such in the service definition code.
My service is written in Python with python-sdbus, and indeed, it does support this API.
So in my code, I had something like:
@dbus_method_async("")
async def eject(self: Self) -> None:
"""
Eject the tape.
"""
self.client.eject()
and I needed to change it to:
@dbus_method_async("", flags=sdbus.DbusUnprivilegedFlag)
async def eject(self: Self) -> None:
"""
Eject the tape.
"""
self.client.eject()
Like I said, I haven’t been able to fully test this end-to-end. But I’m really confident that this is the answer, and so am posting this as the solution.
Thanks!