Bug 826365
Summary: | NetworkManager-0.9.4-6 broke VPN and others | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Arnold Wang <arnold.x.wang> | ||||
Component: | NetworkManager | Assignee: | Dan Williams <dcbw> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 16 | CC: | danw, dcbw, jklimes | ||||
Target Milestone: | --- | Keywords: | Reopened | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-06-07 12:23:51 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Arnold Wang
2012-05-30 04:37:01 UTC
You can close the bug report now. Apprently a simple reboot, I did reboot the machine after the update, did "fix" the problem. Strange. ok Actually, I just realized this is a bug and it is related to SELinux. I forgot that I changed the SELinux to permissive mode before my last reboot. The problem came back after I changed to enforcing mode again. I tried to "audit2allow -alr" in the permissive mode and what came up seems unrelated to NetworkManager which seems strange to me. I have the output pasted below any way. Please let me know how I can test this for you to further trouble shooting. -bash-4.2# audit2allow -alr require { type init_t; type initrc_t; type colord_t; type cupsd_t; class dbus send_msg; } #============= colord_t ============== allow colord_t initrc_t:dbus send_msg; #============= cupsd_t ============== allow cupsd_t init_t:dbus send_msg; What AVCs are you seeing? Try a VPN connection and search for the AVC: # ausearch -m avc -ts today I tried in "permissive" mode and I didn't get anything from the ausearch, even after I connected to VPN successfully. I know this may sound weird, however the only difference I changed to make the system working is set to "permissive" mode and reboot. The following is the test I just did, outputs with comments. ### System booted in "enforcing" mode [awang@mars ~]$ sudo su - -bash-4.2# getenforce Enforcing -bash-4.2# systemctl status NetworkManager.service NetworkManager.service - Network Manager Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled) Active: active (running) since Mon, 04 Jun 2012 15:36:07 -0700; 1min 13s ago Main PID: 1089 (NetworkManager) CGroup: name=systemd:/system/NetworkManager.service ├ 1089 /usr/sbin/NetworkManager --no-daemon └ 1500 /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-clie... ### The NetworkManager is running, however I can't see its icon in notification area ### As shown in the top half of the attached screen shot, error.jpg -bash-4.2# systemctl restart NetworkManager.service -bash-4.2# systemctl status NetworkManager.service NetworkManager.service - Network Manager Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled) Active: active (running) since Mon, 04 Jun 2012 15:37:37 -0700; 6s ago Main PID: 2601 (NetworkManager) CGroup: name=systemd:/system/NetworkManager.service ├ 2601 /usr/sbin/NetworkManager --no-daemon └ 2611 /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-clie... ### Restart the NetworkManager would make the icon appear in the notification area. ### As shown in the bottom half of the screen shot, error.jpg. ### However the VPN still wouldn't work. -bash-4.2# tail -f /var/log/messages Jun 4 15:37:38 mars abrtd: DUP_OF_DIR: /var/spool/abrt/ccpp-2012-06-04-15:34:44-2303 Jun 4 15:37:38 mars abrtd: Problem directory is a duplicate of /var/spool/abrt/ccpp-2012-06-04-15:34:44-2303 Jun 4 15:37:38 mars abrtd: Deleting problem directory ccpp-2012-06-04-15:37:37-2309 (dup of ccpp-2012-06-04-15:34:44-2303) Jun 4 15:37:39 mars avahi-daemon[1849]: Registering new address record for fe80::16da:e9ff:fef5:4699 on p6p1.*. Jun 4 15:37:39 mars dnsmasq[1304]: reading /etc/resolv.conf Jun 4 15:37:39 mars dnsmasq[1304]: using nameserver 192.168.254.1#53 Jun 4 15:37:57 mars NetworkManager[2601]: <info> (p6p1): IP6 addrconf timed out or failed. Jun 4 15:37:57 mars NetworkManager[2601]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) scheduled... Jun 4 15:37:57 mars NetworkManager[2601]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) started... Jun 4 15:37:57 mars NetworkManager[2601]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) complete. Jun 4 15:40:08 mars NetworkManager[2601]: <info> Starting VPN service 'openconnect'... Jun 4 15:40:09 mars NetworkManager[2601]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 2824 Jun 4 15:40:09 mars NetworkManager[2601]: <info> VPN service 'openconnect' appeared; activating connections Jun 4 15:40:09 mars NetworkManager[2601]: <info> VPN plugin state changed: init (1) Jun 4 15:40:09 mars NetworkManager[2601]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring... Jun 4 15:40:09 mars NetworkManager[2601]: <error> [1338849609.55797] [nm-vpn-connection.c:934] get_secrets_cb(): Failed to request VPN secrets #2: (6) No agents were available for this request. Jun 4 15:40:09 mars NetworkManager[2601]: <info> Policy set 'Wired connection 1' (p6p1) as default for IPv4 routing and DNS. Jun 4 15:40:14 mars avahi-daemon[1849]: Withdrawing workstation service for vpn0. Jun 4 15:40:14 mars NetworkManager[2601]: <info> VPN service 'openconnect' disappeared ^C ### Manually set it to "permissive" mode wouldn't help. -bash-4.2# setenforce 0 -bash-4.2# systemctl restart NetworkManager.service -bash-4.2# systemctl status NetworkManager.service NetworkManager.service - Network Manager Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled) Active: active (running) since Mon, 04 Jun 2012 15:41:26 -0700; 8s ago Main PID: 2865 (NetworkManager) CGroup: name=systemd:/system/NetworkManager.service ├ 2865 /usr/sbin/NetworkManager --no-daemon └ 2873 /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-clie... -bash-4.2# tail -f /var/log/messages ...... Jun 4 15:41:46 mars NetworkManager[2865]: <info> (p6p1): IP6 addrconf timed out or failed. Jun 4 15:41:46 mars NetworkManager[2865]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) scheduled... Jun 4 15:41:46 mars NetworkManager[2865]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) started... Jun 4 15:41:46 mars NetworkManager[2865]: <info> Activation (p6p1) Stage 4 of 5 (IPv6 Configure Timeout) complete. Jun 4 15:42:00 mars NetworkManager[2865]: <info> Starting VPN service 'openconnect'... Jun 4 15:42:00 mars NetworkManager[2865]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 3015 Jun 4 15:42:00 mars NetworkManager[2865]: <info> VPN service 'openconnect' appeared; activating connections Jun 4 15:42:00 mars NetworkManager[2865]: <info> VPN plugin state changed: init (1) Jun 4 15:42:00 mars NetworkManager[2865]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring... Jun 4 15:42:00 mars NetworkManager[2865]: <error> [1338849720.986549] [nm-vpn-connection.c:934] get_secrets_cb(): Failed to request VPN secrets #2: (6) No agents were available for this request. Jun 4 15:42:00 mars NetworkManager[2865]: <info> Policy set 'Wired connection 1' (p6p1) as default for IPv4 routing and DNS. Jun 4 15:42:05 mars avahi-daemon[1849]: Withdrawing workstation service for vpn0. Jun 4 15:42:05 mars NetworkManager[2865]: <info> VPN service 'openconnect' disappeared ^C -bash-4.2# ### Reboot the machine in "permissive" mode and everything starts to work again. [awang@mars ~]$ sudo su - -bash-4.2# getenforce Permissive -bash-4.2# tail -f /var/log/messages ....... Jun 4 15:44:58 mars NetworkManager[1081]: <info> Starting VPN service 'openconnect'... Jun 4 15:44:58 mars NetworkManager[1081]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 2158 Jun 4 15:44:58 mars NetworkManager[1081]: <info> VPN service 'openconnect' appeared; activating connections Jun 4 15:44:58 mars NetworkManager[1081]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring... Jun 4 15:45:03 mars NetworkManager[1081]: <info> VPN plugin state changed: starting (3) Jun 4 15:45:03 mars NetworkManager[1081]: <info> VPN connection 'ALF' (Connect) reply received. Jun 4 15:45:03 mars openconnect[2167]: Attempting to connect to 206.113.209.252:443 Jun 4 15:45:03 mars openconnect[2167]: SSL negotiation with vpn-alf.inovis.com Jun 4 15:45:04 mars openconnect[2167]: Connected to HTTPS on vpn-alf.inovis.com Jun 4 15:45:04 mars openconnect[2167]: Got CONNECT response: HTTP/1.1 200 OK Jun 4 15:45:04 mars openconnect[2167]: CSTP connected. DPD 30, Keepalive 20 Jun 4 15:45:04 mars NetworkManager[1081]: <info> VPN connection 'ALF' (IP Config Get) reply received. Jun 4 15:45:04 mars NetworkManager[1081]: <info> VPN Gateway: 206.113.209.252 Jun 4 15:45:04 mars NetworkManager[1081]: <info> Tunnel Device: vpn0 Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 Address: 10.32.202.20 Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 Prefix: 24 Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 Point-to-Point Address: 10.32.202.20 Jun 4 15:45:04 mars NetworkManager[1081]: <info> Maximum Segment Size (MSS): 0 Jun 4 15:45:04 mars NetworkManager[1081]: <info> Forbid Default Route: no Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 DNS: 10.32.1.20 Jun 4 15:45:04 mars NetworkManager[1081]: <info> Internal IP4 DNS: 10.32.1.21 Jun 4 15:45:04 mars NetworkManager[1081]: <info> DNS Domain: 'itlogon.com' Jun 4 15:45:04 mars openconnect[2167]: Connected vpn0 as 10.32.202.20, using SSL + deflate Jun 4 15:45:04 mars dnsmasq[1286]: reading /etc/resolv.conf Jun 4 15:45:04 mars dnsmasq[1286]: using nameserver 192.168.254.1#53 Jun 4 15:45:04 mars openconnect[2167]: Established DTLS connection Jun 4 15:45:05 mars NetworkManager[1081]: <info> VPN connection 'ALF' (IP Config Get) complete. Jun 4 15:45:05 mars NetworkManager[1081]: <info> Policy set 'ALF' (vpn0) as default for IPv4 routing and DNS. Jun 4 15:45:05 mars NetworkManager[1081]: <info> VPN plugin state changed: started (4) Jun 4 15:45:05 mars dbus[1120]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper) Jun 4 15:45:05 mars NetworkManager[1081]: keyfile: updating /etc/NetworkManager/system-connections/ALF Jun 4 15:45:05 mars dbus-daemon[1120]: dbus[1120]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper) Jun 4 15:45:05 mars dbus[1120]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher' Jun 4 15:45:05 mars dbus-daemon[1120]: dbus[1120]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher' Jun 4 15:45:07 mars chronyd[1115]: Selected source 65.23.154.62 ^C ### There is no AVC messages. -bash-4.2# -bash-4.2# ausearch -m avc -ts today <no matches> -bash-4.2# ### I have no reason to believe these are related to the problem I'm dealing with. -bash-4.2# audit2allow -alr require { type init_t; type initrc_t; type colord_t; type cupsd_t; class dbus send_msg; } #============= colord_t ============== allow colord_t initrc_t:dbus send_msg; #============= cupsd_t ============== allow cupsd_t init_t:dbus send_msg; Created attachment 589288 [details]
screen shot of notification area.
*** This bug has been marked as a duplicate of bug 826706 *** |