systemd-timesyncd fails to start on boot after fresh install CentOS 9-Stream systemd[1]: Starting systemd-timesyncd.service... systemd-timesyncd[1138]: Failed to connect to bus: Permission denied systemd-timesyncd[1138]: Could not connect to bus: Permission denied systemd[1]: systemd-timesyncd.service: Main process exited, code=exited, status=1/FAILURE systemd[1]: systemd-timesyncd.service: Failed with result 'exit-code'. systemd[1]: Failed to start systemd-timesyncd.service. audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-timesyncd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' systemd[1]: systemd-timesyncd.service: Scheduled restart job, restart counter is at 5. systemd[1]: Stopped systemd-timesyncd.service. audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-timesyncd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-timesyncd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' systemd[1]: systemd-timesyncd.service: Start request repeated too quickly. systemd[1]: systemd-timesyncd.service: Failed with result 'exit-code'. systemd[1]: Failed to start systemd-timesyncd.service. Please backport fix from https://bugzilla.redhat.com/show_bug.cgi?id=1949315
Caught in enforcing mode: ---- type=PROCTITLE msg=audit(03/03/2023 05:48:53.794:365) : proctitle=/usr/lib/systemd/systemd-timesyncd type=PATH msg=audit(03/03/2023 05:48:53.794:365) : item=0 name=/run/systemd/ inode=2 dev=00:19 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(03/03/2023 05:48:53.794:365) : cwd=/ type=SYSCALL msg=audit(03/03/2023 05:48:53.794:365) : arch=x86_64 syscall=inotify_add_watch success=no exit=EACCES(Permission denied) a0=0xa a1=0x562e0f710062 a2=0x40000100 a3=0x7ffcc0736d5c items=1 ppid=1 pid=4563 auid=unset uid=systemd-timesync gid=systemd-timesync euid=systemd-timesync suid=systemd-timesync fsuid=systemd-timesync egid=systemd-timesync sgid=systemd-timesync fsgid=systemd-timesync tty=(none) ses=unset comm=systemd-timesyn exe=/usr/lib/systemd/systemd-timesyncd subj=system_u:system_r:systemd_timedated_t:s0 key=(null) type=AVC msg=audit(03/03/2023 05:48:53.794:365) : avc: denied { watch } for pid=4563 comm=systemd-timesyn path=/run/systemd dev="tmpfs" ino=2 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=0 ---- # rpm -qa systemd\* selinux\* | sort selinux-policy-38.1.8-1.el9.noarch selinux-policy-targeted-38.1.8-1.el9.noarch systemd-252-8.el9.x86_64 systemd-libs-252-8.el9.x86_64 systemd-pam-252-8.el9.x86_64 systemd-rpm-macros-252-8.el9.noarch systemd-timesyncd-250.3-1.el9.x86_64 systemd-udev-252-8.el9.x86_64 #
Caught in permissive mode: ---- type=PROCTITLE msg=audit(03/03/2023 05:50:49.621:374) : proctitle=/usr/lib/systemd/systemd-timesyncd type=PATH msg=audit(03/03/2023 05:50:49.621:374) : item=0 name=/run/systemd/ inode=2 dev=00:19 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(03/03/2023 05:50:49.621:374) : cwd=/ type=SYSCALL msg=audit(03/03/2023 05:50:49.621:374) : arch=x86_64 syscall=inotify_add_watch success=yes exit=1 a0=0xa a1=0x560c1d99d062 a2=0x40000100 a3=0x7ffe2e0ee3bc items=1 ppid=1 pid=4596 auid=unset uid=systemd-timesync gid=systemd-timesync euid=systemd-timesync suid=systemd-timesync fsuid=systemd-timesync egid=systemd-timesync sgid=systemd-timesync fsgid=systemd-timesync tty=(none) ses=unset comm=systemd-timesyn exe=/usr/lib/systemd/systemd-timesyncd subj=system_u:system_r:systemd_timedated_t:s0 key=(null) type=AVC msg=audit(03/03/2023 05:50:49.621:374) : avc: denied { watch } for pid=4596 comm=systemd-timesyn path=/run/systemd dev="tmpfs" ino=2 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=1 ---- # matchpathcon /run/systemd/ /run/systemd system_u:object_r:init_var_run_t:s0 # The systemd-timesyncd package comes from EPEL.
The reported problem have been resolved with policy rebase, i. e. using selinux-policy-38.1.1-1 or newer. This problem: type=AVC msg=audit(03/03/2023 05:50:49.621:374) : avc: denied { watch } for pid=4596 comm=systemd-timesyn path=/run/systemd dev="tmpfs" ino=2 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=1 is a different one, resolved only in Fedora.
Installed Packages selinux-policy.noarch 38.1.8-1.el9 @anaconda Available Packages selinux-policy.noarch 38.1.3-1.el9 baseos selinux-policy.noarch 38.1.4-1.el9 baseos selinux-policy.noarch 38.1.5-1.el9 baseos selinux-policy.noarch 38.1.6-1.el9 baseos selinux-policy.noarch 38.1.8-1.el9 baseos
*** Bug 2217509 has been marked as a duplicate of this bug. ***
For https://issues.redhat.com/browse/OCPBUGS-14237, we need this fix backported to RHEL 9.2. Thanks!