Bug 154391
| Summary: | NetworkManager dies on startup | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Brian G. Anderson <bikehead> |
| Component: | NetworkManager | Assignee: | Dan Williams <dcbw> |
| Status: | CLOSED RAWHIDE | CC: | dwalsh, tjb |
| Severity: | medium | Priority: | medium |
| Version: | rawhide | Doc Type: | Bug Fix |
| Hardware: | i686 | OS: | Linux |
| Last Closed: | 2005-05-05 19:01:51 UTC | Bug Blocks: | 136450 |

If you've just installed it, you need to restart DBUS (service messagebus restart) to get the new NetworkManager security policy loaded... does that (or a reboot) fix the issue?

No it's been installed for a while. I've checked that messagebus is running. I rebooted the system with NetworkManager enabled for levels 3 and 5. It always dies with the same stack. Any other suggestions?

I'm seeing this too. Because I was having the problem with an FC4T1+current updates, I installed FC4T2 and updated. The problem persists.

Ok, reports are this is due to SELinux policy changes made recently. It should be fixed quite soon. dwalsh: is that correct?

There are no associated audit messages though. Has selinux verbosity been lowered?

Are you seeing avc messages in either /var/log/messages or /var/log/audit/audit.log? If you do a setenforce 0 and start it, does it work? Dan

Yes, setenforce 0 and restarting NetworkManager sort of works. However the /var/log/messages log is filled with entries like:
Apr 12 16:45:19 bartali dbus: avc: denied { send_msg } for msgtype=method_call
interface=org.freedesktop.NetworkManager member=getStrength
dest=org.freedesktop.NetworkManager spid=5635 tpid=12942
scontext=user_u:system_r:unconfined_t tcontext=root:system_r:NetworkManager_t
tclass=dbus
and there are tons of them.

Yes, the avc messages are there. They're no longer reported to dmesg or /var/log/messages which is why I didn't see them.

The most recent update has NetworkManager working again for me.

Better but not completely fixed. Now when restarting NetworkManager and viewing /var/log/messages:
Apr 13 14:39:37 continuity NetworkManager: <WARNING> ():
nm_spawn_process('/etc/init.d/nifd status'): could not spawn process. (Failed to
execute child process "/etc/init.d/nifd" (Permission denied))
Apr 13 14:39:37 continuity NetworkManager: <WARNING> ():
nm_spawn_process('/etc/init.d/nifd stop'): could not spawn process. (Failed to
execute child process "/etc/init.d/nifd" (Permission denied))
Apr 13 14:39:39 continuity named[3910]: shutting down
Apr 13 14:39:39 continuity named[3910]: no longer listening on 127.0.0.1#53
Apr 13 14:39:39 continuity named[3910]: exiting
Apr 13 14:39:40 continuity NetworkManager: <WARNING> (): could not monitor
wired ethernet devices: unable to create netlink socket for monitoring wired
ethernet devices - Permission denied
Apr 13 14:39:40 continuity named[4028]: starting BIND 9.3.1 -f -u named -c
/var/named/data/NetworkManager-named.conf
Apr 13 14:39:40 continuity named[4028]: found 1 CPU, using 1 worker thread
Apr 13 14:39:40 continuity named[4028]: loading configuration from
'/var/named/data/NetworkManager-named.conf'
Apr 13 14:39:40 continuity named[4028]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 13 14:39:40 continuity named[4028]:
/var/named/data/NetworkManager-named.conf:7: no forwarders seen; disabling
forwarding
Apr 13 14:39:40 continuity named[4028]:
/var/named/data/NetworkManager-named.conf:7: no forwarders seen; disabling
forwarding
Apr 13 14:39:40 continuity named[4028]: running
Because of the netlink socket error, NM can't tell when I switch from wired to
wireless.

Look for avc messages in /var/log/audit/audit.log

type=KERNEL msg=audit(1113419934.184:5233136): item=0 name=/etc/init.d/nifd
inode=132464 dev=fd:00 mode=0100755 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.184:5233136): syscall=11 exit=-13 a0=9c4d480
a1=9c4d460 a2=bfc2eb0c a3=400 items=1 pid=4325 loginuid=-1 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.184:5233136): avc: denied { execute } for
pid=4325 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464
scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t
tclass=file
type=KERNEL msg=audit(1113419934.189:5234196): item=0 name=/etc/init.d/nifd
inode=132464 dev=fd:00 mode=0100755 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.189:5234196): syscall=11 exit=-13 a0=9c4deb0
a1=9c4d4a8 a2=bfc2eb0c a3=400 items=1 pid=4326 loginuid=-1 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.189:5234196): avc: denied { execute } for
pid=4326 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464
scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t
tclass=file
type=KERNEL msg=audit(1113419934.251:5237297): item=0 name=/home/tjb inode=2
dev=fd:01 mode=040755 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.251:5237297): syscall=195 exit=-13 a0=907cab8
a1=bf8679fc a2=99cff4 a3=bf8679fc items=1 pid=4327 loginuid=-1 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.251:5237297): avc: denied { search } for
pid=4327 exe=/bin/bash name=/ dev=dm-1 ino=2
scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:default_t
tclass=dir
type=KERNEL msg=audit(1113419934.432:5239785): item=0
name=/etc/sysconfig/network-scripts/ifcfg-eth0 inode=134713 dev=fd:00
mode=0100644 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.432:5239785): syscall=5 exit=-13 a0=9c54980
a1=2 a2=bfc2d568 a3=9c54980 items=1 pid=4323 loginuid=-1 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.432:5239785): avc: denied { write } for
pid=4323 exe=/usr/bin/NetworkManager name=ifcfg-eth0 dev=dm-0 ino=134713
scontext=root:system_r:NetworkManager_t tcontext=user_u:object_r:etc_t tclass=file
type=KERNEL msg=audit(1113419934.803:5242758): item=0
name=/etc/sysconfig/network-scripts/ifcfg-eth1 inode=134731 dev=fd:00
mode=0100644 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1113419934.803:5242758): syscall=5 exit=-13 a0=9c56270
a1=2 a2=bfc2d568 a3=9c56270 items=1 pid=4323 loginuid=-1 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419934.803:5242758): avc: denied { write } for
pid=4323 exe=/usr/bin/NetworkManager name=ifcfg-eth1 dev=dm-0 ino=134731
scontext=root:system_r:NetworkManager_t tcontext=root:object_r:etc_t tclass=file
type=KERNEL msg=audit(1113419936.893:5250897): syscall=102 exit=-13 a0=1
a1=bfc2e0a0 a2=9c56a38 a3=9c4def8 items=0 pid=4323 loginuid=-1 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1113419936.893:5250897): avc: denied { create } for
pid=4323 exe=/usr/bin/NetworkManager scontext=root:system_r:NetworkManager_t
tcontext=root:system_r:NetworkManager_t tclass=netlink_route_socket
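
To triage a denial dump like the audit.log excerpt above, the records can be collapsed into one line per distinct (source type, target type, class) triple, which is the grouping a policy fix would be written against. This is an added example, not code from the bug thread or from any SELinux tool; the function names are illustrative, the sample records are copied from the excerpt, and it assumes every audit record starts with `type=`.

```python
import re
from collections import defaultdict

# Records copied from the audit.log excerpt above, hard line wraps included.
SAMPLE = """\
type=KERNEL msg=audit(1113419934.184:5233136): avc: denied { execute } for
pid=4325 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464
scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t
tclass=file
type=KERNEL msg=audit(1113419934.189:5234196): avc: denied { execute } for
pid=4326 exe=/usr/bin/NetworkManager name=nifd dev=dm-0 ino=132464
scontext=root:system_r:NetworkManager_t tcontext=system_u:object_r:initrc_exec_t
tclass=file
type=KERNEL msg=audit(1113419936.893:5250897): avc: denied { create } for
pid=4323 exe=/usr/bin/NetworkManager scontext=root:system_r:NetworkManager_t
tcontext=root:system_r:NetworkManager_t tclass=netlink_route_socket
"""

AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Re-join hard-wrapped records; a new record starts with 'type='."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Map (source type, target type, class) -> [set of perms, denial count]."""
    out = defaultdict(lambda: [set(), 0])
    for rec in unwrap(text):
        if not (m := AVC.search(rec)):
            continue  # syscall/path records carry no AVC decision
        kv = dict(f.split("=", 1) for f in m.group(2).split() if "=" in f)
        # A context is user:role:type[:level]; the type is the third field.
        key = (kv["scontext"].split(":")[2], kv["tcontext"].split(":")[2], kv["tclass"])
        out[key][0].update(m.group(1).split())
        out[key][1] += 1
    return dict(out)

def as_rules(summary):
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};  # denied {n}x"
            for (s, t, c), (p, n) in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

The output is a review aid for whoever maintains the policy: each line shows what the confined domain attempted and how often, so the decision to allow it, relabel the target, or change the daemon (as was done here for the nifd call) can be made per denial.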

Dan: note that the nifd stuff is not necessary, if you'd like me to remove it I can. nifd provides the same functionality as NM (i.e., it simply kicks mDNSResponder and autoipd when an interface goes up or down) and that's why I was trying to stop it. However, there's no adverse effect of running it at the same time as NM, so I can pull out the code that attempts to stop nifd if you'd like.

Dan can you just put that in the NetworkManager startup script to kill nifd if it is running? And not allow nifd to run if NetworkManager is running. I can easily add the netlink_route stuff.

Not killing nifd will be fixed in NetworkManager-0.4-11.cvs22050404

Description of problem:
NetworkManager dies on startup with the following message in the log:

Apr 11 06:00:11 bartali NetworkManager: <WARNING> (): nm_spawn_process('/etc/init.d/nifd status'): could not spawn process. (Failed to execute child process "/etc/init.d/nifd" (Permission denied))
Apr 11 06:00:11 bartali NetworkManager: <WARNING> (): nm_spawn_process('/etc/init.d/nifd stop'): could not spawn process. (Failed to execute child process "/etc/init.d/nifd" (Permission denied))
Apr 11 06:00:11 bartali NetworkManager: <WARNING> (): nm_dbus_init() could not get the system bus. Make sure the message bus daemon is running?
Apr 11 06:00:11 bartali NetworkManager: <ERROR> [1113224411.683508] (): nm_dbus_init() failed, exiting. Either dbus is not running, or the NetworkManager dbus security policy was not loaded.
Apr 11 06:00:11 bartali NetworkManager: traceback:
Apr 11 06:00:11 bartali NetworkManager: NetworkManager [0x805d43a]
Apr 11 06:00:11 bartali NetworkManager: /lib/libc.so.6(__libc_start_main+0xc6) [0xb87de6]
Apr 11 06:00:11 bartali NetworkManager: NetworkManager [0x804c871]

Version-Release number of selected component (if applicable):
NetworkManager-0.4-6.cvs20050404

How reproducible:
Always

Steps to Reproduce:
1. start NetworkManager

Actual results:
Dies with message in logs

Expected results:
NM starts and connect my network

Additional info: