Bug 154391
Summary: | NetworkManager dies on startup
---|---
Product: | [Fedora] Fedora
Component: | NetworkManager
Status: | CLOSED RAWHIDE
Severity: | medium
Priority: | medium
Version: | rawhide
Hardware: | i686
OS: | Linux
Reporter: | Brian G. Anderson <bikehead>
Assignee: | Dan Williams <dcbw>
CC: | dwalsh, tjb
Doc Type: | Bug Fix
Last Closed: | 2005-05-05 19:01:51 UTC
Bug Blocks: | 136450
Description
Brian G. Anderson
2005-04-11 13:10:15 UTC
If you've just installed it, you need to restart DBUS (service messagebus restart) to get the new NetworkManager security policy loaded... does that (or a reboot) fix the issue?

No it's been installed for a while. I've checked that messagebus is running. I rebooted the system with NetworkManager enabled for levels 3 and 5. It always dies with the same stack. Any other suggestions?

I'm seeing this too. Because I was having the problem with an FC4T1+current updates, I installed FC4T2 and updated. The problem persists.

Ok, reports are this is due to SELinux policy changes made recently. It should be fixed quite soon. dwalsh: is that correct?

There are no associated audit messages though. Has selinux verbosity been lowered?

Are you seeing avc messages in either /var/log/messages or /var/log/audit/audit.log? If you do a setenforce 0 and start it, does it work?

Dan

Yes, setenforce 0 and restarting NetworkManager sort of works. However the /var/log/messages log is filled with entries like:

Apr 12 16:45:19 bartali dbus: avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getStrength dest=org.freedesktop.NetworkManager spid=5635 tpid=12942 scontext=user_u:system_r:unconfined_t tcontext=root:system_r:NetworkManager_t tclass=dbus

and there are tons of them.

Yes, the avc messages are there. They're no longer reported to dmesg or /var/log/messages which is why I didn't see them. The most recent update has NetworkManager working again for me.

Better but not completely fixed. Now when restarting NetworkManager and viewing /var/log/messages:

Apr 13 14:39:37 continuity NetworkManager: <WARNING> (): nm_spawn_process('/etc/init.d/nifd status'): could not spawn process. (Failed to execute child process "/etc/init.d/nifd" (Permission denied))
Apr 13 14:39:37 continuity NetworkManager: <WARNING> (): nm_spawn_process('/etc/init.d/nifd stop'): could not spawn process. (Failed to execute child process "/etc/init.d/nifd" (Permission denied))
Apr 13 14:39:39 continuity named[3910]: shutting down
Apr 13 14:39:39 continuity named[3910]: no longer listening on 127.0.0.1#53
Apr 13 14:39:39 continuity named[3910]: exiting
Apr 13 14:39:40 continuity NetworkManager: <WARNING> (): could not monitor wired ethernet devices: unable to create netlink socket for monitoring wired ethernet devices - Permission denied
Apr 13 14:39:40 continuity named[4028]: starting BIND 9.3.1 -f -u named -c /var/named/data/NetworkManager-named.conf
Apr 13 14:39:40 continuity named[4028]: found 1 CPU, using 1 worker thread
Apr 13 14:39:40 continuity named[4028]: loading configuration from '/var/named/data/NetworkManager-named.conf'
Apr 13 14:39:40 continuity named[4028]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 13 14:39:40 continuity named[4028]: /var/named/data/NetworkManager-named.conf:7: no forwarders seen; disabling forwarding
Apr 13 14:39:40 continuity named[4028]: /var/named/data/NetworkManager-named.conf:7: no forwarders seen; disabling forwarding
Apr 13 14:39:40 continuity named[4028]: running

Because of the netlink socket error, NM can't tell when I switch from wired to wireless.
Look for avc messages in /var/log/audit/audit.log

type=KERNEL msg=audit(1113419934.184:5233136): item=0 name=/etc/init.d/nifd inode=132464 dev=fd:00 mode=0100755 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.184:5233136): syscall=11 exit=-13 a0=9c4d480 a1=9c4d460 a2=bfc2eb0c a3=400 items=1 pid=4325 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.184:5233136): avc: denied { execute } for pid=4325 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464 scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t tclass=file
type=KERNEL msg=audit(1113419934.189:5234196): item=0 name=/etc/init.d/nifd inode=132464 dev=fd:00 mode=0100755 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.189:5234196): syscall=11 exit=-13 a0=9c4deb0 a1=9c4d4a8 a2=bfc2eb0c a3=400 items=1 pid=4326 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.189:5234196): avc: denied { execute } for pid=4326 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464 scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t tclass=file
type=KERNEL msg=audit(1113419934.251:5237297): item=0 name=/home/tjb inode=2 dev=fd:01 mode=040755 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.251:5237297): syscall=195 exit=-13 a0=907cab8 a1=bf8679fc a2=99cff4 a3=bf8679fc items=1 pid=4327 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.251:5237297): avc: denied { search } for pid=4327 exe=/bin/bash name=/ dev=dm-1 ino=2 scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:default_t tclass=dir
type=KERNEL msg=audit(1113419934.432:5239785): item=0 name=/etc/sysconfig/network-scripts/ifcfg-eth0 inode=134713 dev=fd:00 mode=0100644 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.432:5239785): syscall=5 exit=-13 a0=9c54980 a1=2 a2=bfc2d568 a3=9c54980 items=1 pid=4323 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.432:5239785): avc: denied { write } for pid=4323 exe=/usr/bin/NetworkManager name=ifcfg-eth0 dev=dm-0 ino=134713 scontext=root:system_r:NetworkManager_t tcontext=user_u:object_r:etc_t tclass=file
type=KERNEL msg=audit(1113419934.803:5242758): item=0 name=/etc/sysconfig/network-scripts/ifcfg-eth1 inode=134731 dev=fd:00 mode=0100644 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.803:5242758): syscall=5 exit=-13 a0=9c56270 a1=2 a2=bfc2d568 a3=9c56270 items=1 pid=4323 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.803:5242758): avc: denied { write } for pid=4323 exe=/usr/bin/NetworkManager name=ifcfg-eth1 dev=dm-0 ino=134731 scontext=root:system_r:NetworkManager_t tcontext=root:object_r:etc_t tclass=file
type=KERNEL msg=audit(1113419936.893:5250897): syscall=102 exit=-13 a0=1 a1=bfc2e0a0 a2=9c56a38 a3=9c4def8 items=0 pid=4323 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419936.893:5250897): avc: denied { create } for pid=4323 exe=/usr/bin/NetworkManager scontext=root:system_r:NetworkManager_t tcontext=root:system_r:NetworkManager_t tclass=netlink_route_socket

Dan: note that the nifd stuff is not necessary, if you'd like me to remove it I can. nifd provides the same functionality as NM (ie, it simply kicks mDNSResponder and autoipd when an interface goes up or down) and that's why I was trying to stop it. However, there's no adverse effect of running it at the same time as NM, so I can pull out the code that attempts to stop nifd if you'd like.

Dan can you just put that in the NetworkManager startup script to kill nifd if it is running? And not allow nifd to run if NetworkManager is running. I can easily add the netlink_route stuff.

Not killing nifd will be fixed in NetworkManager-0.4-11.cvs22050404
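
The triage done by hand in this thread (finding the AVC denials among the audit records and working out which domain was refused which permission) can be scripted. The following is an added example, not code from NetworkManager or the SELinux tools; the function names are hypothetical, the sample records are copied from the logs quoted above, and the `allow` lines it emits are an audit2allow-style summary for review.

```python
import re
from collections import defaultdict

# Records copied from the logs quoted in this thread. The first is a syscall
# record without an AVC payload and is skipped by the parser.
SAMPLE = """\
type=KERNEL msg=audit(1113419934.184:5233136): syscall=11 exit=-13 a0=9c4d480 a1=9c4d460 a2=bfc2eb0c a3=400 items=1 pid=4325 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.184:5233136): avc: denied { execute } for pid=4325 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464 scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t tclass=file
type=KERNEL msg=audit(1113419934.189:5234196): avc: denied { execute } for pid=4326 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464 scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t tclass=file
type=KERNEL msg=audit(1113419934.432:5239785): avc: denied { write } for pid=4323 exe=/usr/bin/NetworkManager name=ifcfg-eth0 dev=dm-0 ino=134713 scontext=root:system_r:NetworkManager_t tcontext=user_u:object_r:etc_t tclass=file
type=KERNEL msg=audit(1113419936.893:5250897): avc: denied { create } for pid=4323 exe=/usr/bin/NetworkManager scontext=root:system_r:NetworkManager_t tcontext=root:system_r:NetworkManager_t tclass=netlink_route_socket
Apr 12 16:45:19 bartali dbus: avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getStrength dest=org.freedesktop.NetworkManager spid=5635 tpid=12942 scontext=user_u:system_r:unconfined_t tcontext=root:system_r:NetworkManager_t tclass=dbus
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

def selinux_type(context):
    """Type field of a user:role:type[:level] context, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) for a denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = dict(KV_RE.findall(m.group("rest")))
    src, tgt = selinux_type(kv.get("scontext", "")), selinux_type(kv.get("tcontext", ""))
    if not (src and tgt and "tclass" in kv):
        return None  # truncated or malformed record
    return src, tgt, kv["tclass"], m.group("perms").split()

def summarize(text):
    """Group denials by (source, target, class); return [(rule, hits), ...]."""
    perms, hits = defaultdict(set), defaultdict(int)
    for parsed in filter(None, map(parse_avc, text.splitlines())):
        key = parsed[:3]
        perms[key].update(parsed[3])
        hits[key] += 1
    rules = []
    for src, tgt, cls in sorted(perms):
        names = " ".join(sorted(perms[src, tgt, cls]))
        target = "self" if src == tgt else tgt  # audit2allow-style shorthand
        rules.append((f"allow {src} {target}:{cls} {{ {names} }};", hits[src, tgt, cls]))
    return rules

if __name__ == "__main__":
    for rule, n in summarize(SAMPLE):
        print(f"{n:3d}  {rule}")
```

Each summarized line is a question for review, not a rule to load as-is: in this thread the `execute` denial on `initrc_exec_t` was resolved by removing the nifd call from NetworkManager, while the `netlink_route_socket` permission was the one added to policy.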