Bug 826365
| Summary: | NetworkManager-0.9.4-6 broke VPN and others | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Arnold Wang <arnold.x.wang> |
| Component: | NetworkManager | Assignee: | Dan Williams <dcbw> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 16 | CC: | danw, dcbw, jklimes |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-06-07 12:23:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |
Description
Arnold Wang
2012-05-30 04:37:01 UTC
You can close the bug report now. Apparently a simple reboot, I did reboot the machine after the update, did "fix" the problem. Strange.
ok
Actually, I just realized this is a bug and it is related to SELinux. I forgot that I changed the SELinux to permissive mode before my last reboot. The problem came back after I changed to enforcing mode again.
I tried to "audit2allow -alr" in the permissive mode and what came up seems unrelated to NetworkManager which seems strange to me. I have the output pasted below anyway.
Please let me know how I can test this for you for further troubleshooting.
-bash-4.2# audit2allow -alr
require {
type init_t;
type initrc_t;
type colord_t;
type cupsd_t;
class dbus send_msg;
}
#============= colord_t ==============
allow colord_t initrc_t:dbus send_msg;
#============= cupsd_t ==============
allow cupsd_t init_t:dbus send_msg;
What AVCs are you seeing? Try a VPN connection and search for the AVC:
# ausearch -m avc -ts today
I tried in "permissive" mode and I didn't get anything from the ausearch, even after I connected to VPN successfully.
I know this may sound weird, however the only thing I changed to make the system work was to set "permissive" mode and reboot.
The following is the test I just did, outputs with comments.
### System booted in "enforcing" mode
[awang@mars ~]$ sudo su -
-bash-4.2# getenforce
Enforcing
-bash-4.2# systemctl status NetworkManager.service
NetworkManager.service - Network Manager
Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled)
Active: active (running) since Mon, 04 Jun 2012 15:36:07 -0700; 1min 13s ago
Main PID: 1089 (NetworkManager)
CGroup: name=systemd:/system/NetworkManager.service
├ 1089 /usr/sbin/NetworkManager --no-daemon
└ 1500 /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-clie...
### The NetworkManager is running, however I can't see its icon in notification area
### As shown in the top half of the attached screen shot, error.jpg
-bash-4.2# systemctl restart NetworkManager.service
-bash-4.2# systemctl status NetworkManager.service
NetworkManager.service - Network Manager
Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled)
Active: active (running) since Mon, 04 Jun 2012 15:37:37 -0700; 6s ago
Main PID: 2601 (NetworkManager)
CGroup: name=systemd:/system/NetworkManager.service
├ 2601 /usr/sbin/NetworkManager --no-daemon
└ 2611 /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-clie...
### Restarting the NetworkManager would make the icon appear in the notification area.
### As shown in the bottom half of the screen shot, error.jpg.
### However the VPN still wouldn't work.
-bash-4.2# tail -f /var/log/messages
Jun 4 15:37:38 mars abrtd: DUP_OF_DIR: /var/spool/abrt/ccpp-2012-06-04-15:34:44-2303
Jun 4 15:37:38 mars abrtd: Problem directory is a duplicate of /var/spool/abrt/ccpp-2012-06-04-15:34:44-2303
Jun 4 15:37:38 mars abrtd: Deleting problem directory ccpp-2012-06-04-15:37:37-2309 (dup of ccpp-2012-06-04-15:34:44-2303)
Jun 4 15:37:39 mars avahi-daemon[1849]: Registering new address record for fe80::16da:e9ff:fef5:4699 on p6p1.*.
Jun 4 15:37:39 mars dnsmasq[1304]: reading /etc/resolv.conf
Jun 4 15:37:39 mars dnsmasq[1304]: using nameserver 192.168.254.1#53
Jun 4 15:37:57 mars NetworkManager[2601]: <info> (p6p1): IP6 addrconf timed out or failed.
Jun 4 15:37:57 mars NetworkManager[2601]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) scheduled...
Jun 4 15:37:57 mars NetworkManager[2601]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) started...
Jun 4 15:37:57 mars NetworkManager[2601]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) complete.
Jun 4 15:40:08 mars NetworkManager[2601]: <info> Starting VPN service 'openconnect'...
Jun 4 15:40:09 mars NetworkManager[2601]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 2824
Jun 4 15:40:09 mars NetworkManager[2601]: <info> VPN service 'openconnect' appeared; activating connections
Jun 4 15:40:09 mars NetworkManager[2601]: <info> VPN plugin state changed: init (1)
Jun 4 15:40:09 mars NetworkManager[2601]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring...
Jun 4 15:40:09 mars NetworkManager[2601]: <error> [1338849609.55797] [nm-vpn-connection.c:934] get_secrets_cb(): Failed to request VPN secrets #2: (6) No agents were available for this request.
Jun 4 15:40:09 mars NetworkManager[2601]: <info> Policy set 'Wired connection 1' (p6p1) as default for IPv4 routing and DNS.
Jun 4 15:40:14 mars avahi-daemon[1849]: Withdrawing workstation service for vpn0.
Jun 4 15:40:14 mars NetworkManager[2601]: <info> VPN service 'openconnect' disappeared
^C
### Manually setting it to "permissive" mode wouldn't help.
-bash-4.2# setenforce 0
-bash-4.2# systemctl restart NetworkManager.service
-bash-4.2# systemctl status NetworkManager.service
NetworkManager.service - Network Manager
Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled)
Active: active (running) since Mon, 04 Jun 2012 15:41:26 -0700; 8s ago
Main PID: 2865 (NetworkManager)
CGroup: name=systemd:/system/NetworkManager.service
├ 2865 /usr/sbin/NetworkManager --no-daemon
└ 2873 /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-clie...
-bash-4.2# tail -f /var/log/messages
......
Jun 4 15:41:46 mars NetworkManager[2865]: <info> (p6p1): IP6 addrconf timed out or failed.
Jun 4 15:41:46 mars NetworkManager[2865]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) scheduled...
Jun 4 15:41:46 mars NetworkManager[2865]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) started...
Jun 4 15:41:46 mars NetworkManager[2865]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) complete.
Jun 4 15:42:00 mars NetworkManager[2865]: <info> Starting VPN service 'openconnect'...
Jun 4 15:42:00 mars NetworkManager[2865]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 3015
Jun 4 15:42:00 mars NetworkManager[2865]: <info> VPN service 'openconnect' appeared; activating connections
Jun 4 15:42:00 mars NetworkManager[2865]: <info> VPN plugin state changed: init (1)
Jun 4 15:42:00 mars NetworkManager[2865]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring...
Jun 4 15:42:00 mars NetworkManager[2865]: <error> [1338849720.986549] [nm-vpn-connection.c:934] get_secrets_cb(): Failed to request VPN secrets #2: (6) No agents were available for this request.
Jun 4 15:42:00 mars NetworkManager[2865]: <info> Policy set 'Wired connection 1' (p6p1) as default for IPv4 routing and DNS.
Jun 4 15:42:05 mars avahi-daemon[1849]: Withdrawing workstation service for vpn0.
Jun 4 15:42:05 mars NetworkManager[2865]: <info> VPN service 'openconnect' disappeared
^C
-bash-4.2#
### Reboot the machine in "permissive" mode and everything starts to work again.
[awang@mars ~]$ sudo su -
-bash-4.2# getenforce
Permissive
-bash-4.2# tail -f /var/log/messages
.......
Jun 4 15:44:58 mars NetworkManager[1081]: <info> Starting VPN service 'openconnect'...
Jun 4 15:44:58 mars NetworkManager[1081]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 2158
Jun 4 15:44:58 mars NetworkManager[1081]: <info> VPN service 'openconnect' appeared; activating connections
Jun 4 15:44:58 mars NetworkManager[1081]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring...
Jun 4 15:45:03 mars NetworkManager[1081]: <info> VPN plugin state changed: starting (3)
Jun 4 15:45:03 mars NetworkManager[1081]: <info> VPN connection 'ALF' (Connect) reply received.
Jun 4 15:45:03 mars openconnect[2167]: Attempting to connect to 206.113.209.252:443
Jun 4 15:45:03 mars openconnect[2167]: SSL negotiation with vpn-alf.inovis.com
Jun 4 15:45:04 mars openconnect[2167]: Connected to HTTPS on vpn-alf.inovis.com
Jun 4 15:45:04 mars openconnect[2167]: Got CONNECT response: HTTP/1.1 200 OK
Jun 4 15:45:04 mars openconnect[2167]: CSTP connected. DPD 30, Keepalive 20
Jun 4 15:45:04 mars NetworkManager[1081]: <info> VPN connection 'ALF' (IP Config Get) reply received.
Jun 4 15:45:04 mars NetworkManager[1081]: <info> VPN Gateway: 206.113.209.252
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Tunnel Device: vpn0
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 Address: 10.32.202.20
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 Prefix: 24
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 Point-to-Point Address: 10.32.202.20
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Maximum Segment Size (MSS): 0
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Forbid Default Route: no
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 DNS: 10.32.1.20
Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 DNS: 10.32.1.21
Jun 4 15:45:04 mars NetworkManager[1081]: <info> DNS Domain: 'itlogon.com'
Jun 4 15:45:04 mars openconnect[2167]: Connected vpn0 as 10.32.202.20, using SSL + deflate
Jun 4 15:45:04 mars dnsmasq[1286]: reading /etc/resolv.conf
Jun 4 15:45:04 mars dnsmasq[1286]: using nameserver 192.168.254.1#53
Jun 4 15:45:04 mars openconnect[2167]: Established DTLS connection
Jun 4 15:45:05 mars NetworkManager[1081]: <info> VPN connection 'ALF' (IP Config Get) complete.
Jun 4 15:45:05 mars NetworkManager[1081]: <info> Policy set 'ALF' (vpn0) as default for IPv4 routing and DNS.
Jun 4 15:45:05 mars NetworkManager[1081]: <info> VPN plugin state changed: started (4)
Jun 4 15:45:05 mars dbus[1120]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jun 4 15:45:05 mars NetworkManager[1081]: keyfile: updating /etc/NetworkManager/system-connections/ALF
Jun 4 15:45:05 mars dbus-daemon[1120]: dbus[1120]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jun 4 15:45:05 mars dbus[1120]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jun 4 15:45:05 mars dbus-daemon[1120]: dbus[1120]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jun 4 15:45:07 mars chronyd[1115]: Selected source 65.23.154.62
^C
### There are no AVC messages.
-bash-4.2#
-bash-4.2# ausearch -m avc -ts today
<no matches>
-bash-4.2#
### I have no reason to believe these are related to the problem I'm dealing with.
-bash-4.2# audit2allow -alr
require {
type init_t;
type initrc_t;
type colord_t;
type cupsd_t;
class dbus send_msg;
}
#============= colord_t ==============
allow colord_t initrc_t:dbus send_msg;
#============= cupsd_t ==============
allow cupsd_t init_t:dbus send_msg;
Created attachment 589288
screen shot of notification area.
*** This bug has been marked as a duplicate of bug 826706 ***
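In the thread, `ausearch -m avc -ts today` returns no matches while `audit2allow` lists only `dbus send_msg` rules. dbus-daemon writes its denials as USER_AVC records, a separate audit record type from the kernel's AVC, which is one reason the two tools can disagree. The following is an added example, not part of the bug report: the audit records are constructed, and the function names `sample_audit_log`, `list_denials` and `userspace_only` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): list SELinux denials from raw audit
# records, covering kernel AVC records and userspace USER_AVC records.

# Constructed sample records. The USER_AVC denial is shaped to match the
# "allow colord_t initrc_t:dbus send_msg;" rule shown by audit2allow.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1338849609.100:301): avc:  denied  { read } for  pid=2824 comm="example" name="example.conf" dev=dm-1 ino=4242 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=USER_AVC msg=audit(1338849609.557:302): pid=1120 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.example.Iface member=Example dest=org.example.Service spid=2601 tpid=3000 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus  exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1338849700.000:310): pid=1120 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=2)  exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
EOF
}

# Print one line per denial: RECORD_TYPE SOURCE_TYPE TARGET_TYPE CLASS PERMS
list_denials() {
  awk '
    # Return the value of key=value from an audit record line, or "?".
    function field(line, key) {
      if (!match(line, " " key "=[^ ]+")) return "?"
      return substr(line, RSTART + length(key) + 2, RLENGTH - length(key) - 2)
    }
    # Only AVC/USER_AVC records that are denials (skips policyload notices).
    /^type=(AVC|USER_AVC) / && /avc:[ ]+denied/ {
      perms = $0
      sub(/.*denied[ ]+[{][ ]*/, "", perms)   # drop everything before the permission list
      sub(/[ ]*[}].*/, "", perms)             # drop the closing brace and the rest
      split(field($0, "scontext"), s, ":")    # user:role:type:level
      split(field($0, "tcontext"), t, ":")
      printf "%s %s %s %s %s\n", substr($1, 6), s[3], t[3], field($0, "tclass"), perms
    }
  '
}

# Denials that a search limited to kernel AVC records would not return.
userspace_only() { list_denials | grep '^USER_AVC '; }

sample_audit_log | list_denials
```

On a live system the same coverage comes from passing both record types to ausearch, as in `ausearch -m avc,user_avc -ts today`.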