Systemd-resolved fails on initial load

sawinjer · December 24, 2022, 9:57am

When I boot my PC I got an issue with DNS (/etc/resolv.conf is empty)
After research I found that on start sytemed-resiolved Fails with such errors:

$ journalctl -b -u systemd-resolved.service --no-hostname --no-pager

Dec 21 22:59:52 systemd-resolved[855]: Using system hostname 'sawinjer-machine'.
Dec 21 22:59:52 systemd-resolved[855]: Failed to connect to system bus: Permission denied
Dec 21 22:59:52 systemd-resolved[855]: Could not create manager: Permission denied
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=1/FAILURE
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 21 22:59:52 systemd[1]: Failed to start systemd-resolved.service - Network Name Resolution.
Dec 21 22:59:52 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.

All I found, topics about systemd-networkd, but I checked, and this service starts in normal mode

I’ve already tried to disable systemd-resolved, but it doesn’t help me
A temporary fix that I using now - that restart NetworkManager.service, it all fixes, but it is so annoying to do it on every boot

Also, I got such a certificates issue
which means that without VPN I can’t connect to some sites

But it can be another source of this issue because it appeared after the last (yesterday) update

grumpey · December 24, 2022, 12:28pm

can you check, ls -l /etc/resolv.conf
it should be a link /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

Can you also include the journal for NetworkManager, and what was upgraded?

Thanks

sawinjer · December 24, 2022, 12:37pm

$ ls -l /etc/resolv.conf

lrwxrwxrwx. 1 root root 39 Jul 18 17:15 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

$ journalctl -b -u NetworkManger.service --no-hostname --no-pager

-- No entries --

$ systemctl status NetworkManager.service

NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled)
     Active: active (running) since Sat 2022-12-24 14:32:56 EET; 2min 3s ago
       Docs: man:NetworkManager(8)
   Main PID: 1160 (NetworkManager)
      Tasks: 3 (limit: 16596)
     Memory: 9.2M
        CPU: 1.169s
     CGroup: /system.slice/NetworkManager.service
             └─1160 /usr/sbin/NetworkManager --no-daemon

Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.5749] dhcp4 (wlo1): state changed new lease, address=192.168.0.84
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.5753] policy: set 'Tunami' (wlo1) as default for IPv4 routing and DNS
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6469] device (wlo1): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6501] device (wlo1): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6505] device (wlo1): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6510] manager: NetworkManager state is now CONNECTED_SITE
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6519] device (wlo1): Activation: successful, device activated.
Dec 24 14:33:03 sawinjer-machine NetworkManager[1160]: <info>  [1671885183.6528] manager: startup complete
Dec 24 14:33:08 sawinjer-machine NetworkManager[1160]: <info>  [1671885188.1658] agent-manager: agent[bafa1c08384c248e,:1.41/org.gnome.Shell.NetworkAgent/42]: agent registered
Dec 24 14:33:35 sawinjer-machine NetworkManager[1160]: <info>  [1671885215.2780] agent-manager: agent[0ae1d818a30bdc02,:1.88/org.gnome.Shell.NetworkAgent/1000]: agent registered

grumpey · December 24, 2022, 1:07pm

journalctl -b -u NetworkManager

sawinjer · December 24, 2022, 1:14pm

grumpey · December 24, 2022, 5:19pm

Can you post a journal from a boot where it fails.
journalctl -b

Thanks

sawinjer · December 24, 2022, 6:27pm

grumpey · December 25, 2022, 7:29pm

Can you check and see if booting with selinux in permissive allows resolved to start?
https://docs.fedoraproject.org/en-US/quick-docs/changing-selinux-states-and-modes/

Thanks

sawinjer · December 25, 2022, 10:06pm

I really don’t know how, but it worked for me!
Both of the problems were resolved!

Thank you very much, your help is precious to me!

grumpey · December 25, 2022, 11:45pm

Can you do:
sudo fixfiles onboot

And then reboot, this may take a bit depending on your machine.
This is going to go through and relabel everything the to the defaults.

After rebooting can you check.
journalctl -b -g AVC

You’re looking for something similar to the below.

Dec 24 20:23:41 sawinjer-machine audit[813]: AVC avc: denied { watch } for pid=813 comm=“systemd-resolve” path=“/” dev=“nvme0n1p3” ino=256 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0

If there are no entries, put SELINUX back to enforcing and see if everything works.
Thanks

sawinjer · December 26, 2022, 7:48am

After sudo fixfiles onboot I’ve successfully had booted with sestatus enforcing and all works
journalctl -b -g AVC was empty

fgrose · December 29, 2022, 2:50pm

Where is the bug that causes this problem tracked?

unsavedcircus · March 29, 2023, 7:19pm

@grumpey Thank you for your solution. I ran into the same problem today with my Framework Laptop when it crashed. Once booted up I couldn’t connect.

I followed your instructions here and it worked perfectly for me. So wanted to thank you once again for taking the time to help the other person and in turn helping others as well.

zawertun · August 6, 2023, 10:31am

I’ve got same issue, you advice helped. Thanks a lot!