Systemd-resolved fails on initial load

sawinjer · December 24, 2022, 9:57am

When I boot my PC I got an issue with DNS (/etc/resolv.conf is empty)
After research I found that on start sytemed-resiolved Fails with such errors:

$ journalctl -b -u systemd-resolved.service --no-hostname --no-pager

Dec 21 22:59:52 systemd-resolved[855]: Using system hostname 'sawinjer-machine'.
Dec 21 22:59:52 systemd-resolved[855]: Failed to connect to system bus: Permission denied
Dec 21 22:59:52 systemd-resolved[855]: Could not create manager: Permission denied
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=1/FAILURE
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 21 22:59:52 systemd[1]: Failed to start systemd-resolved.service - Network Name Resolution.
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.

All I found, topics about systemd-networkd, but I checked, and this service starts in normal mode

I’ve already tried to disable systemd-resolved, but it doesn’t help me
A temporary fix that I using now - that restart NetworkManager.service, it all fixes, but it is so annoying to do it on every boot

Also, I got such a certificates issue
which means that without VPN I can’t connect to some sites

But it can be another source of this issue because it appeared after the last (yesterday) update

grumpey · December 24, 2022, 12:28pm

can you check, ls -l /etc/resolv.conf
it should be a link /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

Can you also include the journal for NetworkManager, and what was upgraded?

Thanks

sawinjer · December 24, 2022, 12:37pm

$ ls -l /etc/resolv.conf

lrwxrwxrwx. 1 root root 39 Jul 18 17:15 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

$ journalctl -b -u NetworkManger.service --no-hostname --no-pager

-- No entries --

$ systemctl status NetworkManager.service

NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled)
     Active: active (running) since Sat 2022-12-24 14:32:56 EET; 2min 3s ago
       Docs: man:NetworkManager(8)
   Main PID: 1160 (NetworkManager)
      Tasks: 3 (limit: 16596)
     Memory: 9.2M
        CPU: 1.169s
     CGroup: /system.slice/NetworkManager.service
             └─1160 /usr/sbin/NetworkManager --no-daemon

Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.5749] dhcp4 (wlo1): state changed new lease, address=192.168.0.84
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.5753] policy: set 'Tunami' (wlo1) as default for IPv4 routing and DNS
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6469] device (wlo1): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6501] device (wlo1): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6505] device (wlo1): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6510] manager: NetworkManager state is now CONNECTED_SITE
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6519] device (wlo1): Activation: successful, device activated.
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6528] manager: startup complete
Dec 24 14:33:08 sawinjer-machine NetworkManager[1160]: <info>  [1671885188.1658] agent-manager: agent[bafa1c08384c248e,:1.41/org.gnome.Shell.NetworkAgent/42]: agent registered
Dec 24 14:33:35 sawinjer-machine NetworkManager[1160]: <info>  [1671885215.2780] agent-manager: agent[0ae1d818a30bdc02,:1.88/org.gnome.Shell.NetworkAgent/1000]: agent registered

grumpey · December 24, 2022, 1:07pm

journalctl -b -u NetworkManager

sawinjer · December 24, 2022, 1:14pm

grumpey · December 24, 2022, 5:19pm

Can you post a journal from a boot where it fails.
journalctl -b

Thanks

sawinjer · December 24, 2022, 6:27pm

grumpey · December 25, 2022, 7:29pm

Can you check and see if booting with selinux in permissive allows resolved to start?
https://docs.fedoraproject.org/en-US/quick-docs/changing-selinux-states-and-modes/

Thanks

sawinjer · December 25, 2022, 10:06pm

I really don’t know how, but it worked for me!
Both of the problems were resolved!

Thank you very much, your help is precious to me!

grumpey · December 25, 2022, 11:45pm

Can you do:
sudo fixfiles onboot

And then reboot, this may take a bit depending on your machine.
This is going to go through and relabel everything the to the defaults.

After rebooting can you check.
journalctl -b -g AVC

You’re looking for something similar to the below.

Dec 24 20:23:41 sawinjer-machine audit[813]: AVC avc: denied { watch } for pid=813 comm=“systemd-resolve” path=“/” dev=“nvme0n1p3” ino=256 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0

If there are no entries, put SELINUX back to enforcing and see if everything works.
Thanks

sawinjer · December 26, 2022, 7:48am

After sudo fixfiles onboot I’ve successfully had booted with sestatus enforcing and all works
journalctl -b -g AVC was empty

fgrose · December 29, 2022, 2:50pm

Where is the bug that causes this problem tracked?