Systemd-resolved fails on initial load

When I boot my PC I get an issue with DNS (/etc/resolv.conf is empty).
After some research I found that on start systemd-resolved fails with these errors:

$ journalctl -b -u systemd-resolved.service --no-hostname --no-pager

Dec 21 22:59:52 systemd-resolved[855]: Using system hostname 'sawinjer-machine'.
Dec 21 22:59:52 systemd-resolved[855]: Failed to connect to system bus: Permission denied
Dec 21 22:59:52 systemd-resolved[855]: Could not create manager: Permission denied
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=1/FAILURE
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 21 22:59:52 systemd[1]: Failed to start systemd-resolved.service - Network Name Resolution.
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.

All I found were topics about systemd-networkd, but I checked, and this service starts normally.

I’ve already tried to disable systemd-resolved, but it doesn’t help me.
A temporary fix that I am using now is to restart NetworkManager.service, which fixes it all, but it is so annoying to do it on every boot.

Also, I got a certificates issue, which means that without VPN I can’t connect to some sites.


But it can be another source of this issue because it appeared after the last (yesterday) update

2 Likes

Can you check ls -l /etc/resolv.conf?
It should be a link: /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

Can you also include the journal for NetworkManager, and what was upgraded?

Thanks

$ ls -l /etc/resolv.conf

lrwxrwxrwx. 1 root root 39 Jul 18 17:15 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
$ journalctl -b -u NetworkManger.service --no-hostname --no-pager

-- No entries --
$ systemctl status NetworkManager.service

NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled)
     Active: active (running) since Sat 2022-12-24 14:32:56 EET; 2min 3s ago
       Docs: man:NetworkManager(8)
   Main PID: 1160 (NetworkManager)
      Tasks: 3 (limit: 16596)
     Memory: 9.2M
        CPU: 1.169s
     CGroup: /system.slice/NetworkManager.service
             └─1160 /usr/sbin/NetworkManager --no-daemon

Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.5749] dhcp4 (wlo1): state changed new lease, address=192.168.0.84
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.5753] policy: set 'Tunami' (wlo1) as default for IPv4 routing and DNS
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6469] device (wlo1): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6501] device (wlo1): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6505] device (wlo1): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6510] manager: NetworkManager state is now CONNECTED_SITE
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6519] device (wlo1): Activation: successful, device activated.
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6528] manager: startup complete
Dec 24 14:33:08 sawinjer-machine NetworkManager[1160]: <info>  [1671885188.1658] agent-manager: agent[bafa1c08384c248e,:1.41/org.gnome.Shell.NetworkAgent/42]: agent registered
Dec 24 14:33:35 sawinjer-machine NetworkManager[1160]: <info>  [1671885215.2780] agent-manager: agent[0ae1d818a30bdc02,:1.88/org.gnome.Shell.NetworkAgent/1000]: agent registered

journalctl -b -u NetworkManager

Can you post a journal from a boot where it fails.
journalctl -b

Thanks

Can you check and see if booting with SELinux in permissive allows resolved to start?
https://docs.fedoraproject.org/en-US/quick-docs/changing-selinux-states-and-modes/

Thanks

1 Like

I really don’t know how, but it worked for me!
Both of the problems were resolved!

Thank you very much, your help is precious to me!

Can you do:
sudo fixfiles onboot

And then reboot, this may take a bit depending on your machine.
This is going to go through and relabel everything to the defaults.

After rebooting can you check.
journalctl -b -g AVC

You’re looking for something similar to the below.

Dec 24 20:23:41 sawinjer-machine audit[813]: AVC avc: denied { watch } for pid=813 comm="systemd-resolve" path="/" dev="nvme0n1p3" ino=256 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0

If there are no entries, put SELINUX back to enforcing and see if everything works.
Thanks

10 Likes
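
A triage helper for the `journalctl -b -g AVC` check described above, as an added example that is not part of the original thread: it groups AVC denials by process, permission, source type and target type, and shows whether each was blocked (permissive=0) or only logged (permissive=1). The function names are hypothetical, and the sample lines are constructed, modelled on the denial quoted in the thread.

```shell
#!/bin/sh
# Summarise SELinux AVC denials from journal text on stdin.
# One line per unique denial:
#   count|mode|comm|perms|source_type|target_type|class|path
avc_summary() {
    awk '
    /avc: +denied/ {
        comm = field("comm"); path = field("path"); tclass = field("tclass")
        stype = setype(field("scontext")); ttype = setype(field("tcontext"))
        # permissive=1 means the access was allowed and only logged.
        mode = (field("permissive") == "1") ? "logged-only" : "blocked"
        perms = $0
        sub(/.*denied +[{] */, "", perms); sub(/ *[}].*/, "", perms)
        key = mode "|" comm "|" perms "|" stype "|" ttype "|" tclass "|" path
        if (!(key in n)) order[++k] = key
        n[key]++
    }
    END { for (i = 1; i <= k; i++) print n[order[i]] "|" order[i] }

    # Value of a key=value token, with surrounding double quotes removed.
    function field(name,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) {
                v = substr($i, length(name) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    # Third component of user:role:type:level is the SELinux type.
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    '
}

# Constructed sample input (hostname, pids and timestamps are made up).
sample_journal() {
    cat <<'EOF'
Dec 24 20:23:41 host audit[813]: AVC avc:  denied  { watch } for  pid=813 comm="systemd-resolve" path="/" dev="nvme0n1p3" ino=256 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
Dec 24 20:23:42 host audit[861]: AVC avc:  denied  { watch } for  pid=861 comm="systemd-resolve" path="/" dev="nvme0n1p3" ino=256 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
Dec 24 20:30:02 host audit[902]: AVC avc:  denied  { watch } for  pid=902 comm="systemd-resolve" path="/" dev="nvme0n1p3" ino=256 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=1
Dec 24 20:30:05 host systemd[1]: Started systemd-resolved.service - Network Name Resolution.
EOF
}

# On a real system: journalctl -b -g AVC --no-pager | avc_summary
sample_journal | avc_summary
```

A `blocked` row that is still present after the relabel and reboot means the denial persists under enforcing mode; `logged-only` rows come from a boot in permissive mode.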

After sudo fixfiles onboot I’ve successfully booted with sestatus enforcing and all works.
journalctl -b -g AVC was empty.

1 Like

Where is the bug that causes this problem tracked?

1 Like

@grumpey Thank you for your solution. I ran into the same problem today with my Framework Laptop when it crashed. Once booted up I couldn’t connect.

I followed your instructions here and it worked perfectly for me. So wanted to thank you once again for taking the time to help the other person and in turn helping others as well.

I’ve got the same issue, your advice helped. Thanks a lot!

This solution helped me, too. Thank you very much!

This procedure worked. Thank you, Joe. However, I recommend editing the comment (if possible) so that newcomers will read that they should first set the SELinux mode to permissive before they have fixfiles run at boot.

I read the rest of the thread to be sure it applied to my situation before applying the solution, but others may not be so cautious and may slow down help they’re receiving elsewhere on the discussion site.

Thanks again; the solution worked for me as described.