Bug ID 1200182
Summary systemd-resolved cannot bind port 53
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS openSUSE Tumbleweed
Status NEW
Severity Normal
Priority P5 - None
Component MicroOS
Assignee kubic-bugs@opensuse.org
Reporter paul@pbarker.dev
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

On a fresh installation of openSUSE MicroOS, I have attempted to switch to
systemd-networkd and systemd-resolved to manage my network connections
following the instructions in
https://en.opensuse.org/Network_Management_With_Systemd. However, when trying
to enable systemd-resolved I hit an error:

alpha:~ # systemctl enable --now systemd-resolved
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service →
/usr/lib/systemd/system/systemd-resolved.service.
Created symlink
/etc/systemd/system/multi-user.target.wants/systemd-resolved.service →
/usr/lib/systemd/system/systemd-resolved.service.
Job for systemd-resolved.service failed because the control process exited with
error code.
See "systemctl status systemd-resolved.service" and "journalctl -xeu
systemd-resolved.service" for details.

alpha:~ # journalctl -xeu systemd-resolved.service
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ Automatic restarting of the unit systemd-resolved.service has been
scheduled, as the result for
░░ the configured Restart= setting for the unit.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: Stopped Network Name Resolution.
░░ Subject: A stop job for unit systemd-resolved.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit systemd-resolved.service has finished.
░░
░░ The job identifier is 1376 and the job result is done.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: Starting Network Name Resolution...
░░ Subject: A start job for unit systemd-resolved.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit systemd-resolved.service has begun execution.
░░
░░ The job identifier is 1376.
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Positive Trust Anchors:
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: . IN DS 20326 8 2
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Negative trust anchors:
home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa
18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa
22.172.in-addr.arpa 23.172.in-addr.arpa 24.>
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Using system hostname
'alpha.cephei.uk'.
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed
to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to process RTNL
link message: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed
to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to process RTNL
link message: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed
to bind socket: Permission denied

Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to process RTNL
link message: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv6(UDP): Failed
to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed
to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to listen on UDP
socket 127.0.0.53:53: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to start
manager: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed
to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv6(UDP): Failed
to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: systemd-resolved.service: Main
process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ An ExecStart= process belonging to unit systemd-resolved.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: systemd-resolved.service: Failed
with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit systemd-resolved.service has entered the 'failed' state with result
'exit-code'.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: Failed to start Network Name
Resolution.

It appears that the permission denied errors when systemd-resolved tried to
bind port 53 are caused by SELinux. I confirmed that this is the case by
disabling SELinux and retrying the command - this resulted in systemd-resolved
successfully starting.

Therefore I think there is an error in the SELinux policy here -
systemd-resolved should be able to bind port 53 on localhost to offer DNS
resolution services.
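
The report attributes the bind failures to SELinux by disabling it; the same attribution can be read from the audit log while SELinux stays enabled. The following is an added example, not part of the original report: it summarizes AVC denials for the service from audit text such as the output of `ausearch -m AVC`. The sample records and the SELinux type names in them are constructed placeholders, since the report does not include the audit log.

```python
import re
from collections import Counter

# Constructed sample audit records; the report does not include any.
# The SELinux type names are placeholders, not the real policy types.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1654203079.101:410): avc:  denied  { name_bind } for  pid=1643 comm="systemd-resolve" src=53 scontext=system_u:system_r:example_domain_t:s0 tcontext=system_u:object_r:example_port_t:s0 tclass=udp_socket permissive=0
type=AVC msg=audit(1654203079.102:411): avc:  denied  { name_bind } for  pid=1643 comm="systemd-resolve" src=5355 scontext=system_u:system_r:example_domain_t:s0 tcontext=system_u:object_r:example_port_t:s0 tclass=udp_socket permissive=0
type=AVC msg=audit(1654203079.200:412): avc:  denied  { read } for  pid=900 comm="other-daemon" name="x" scontext=system_u:system_r:other_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1654203079.101:410): arch=c000003e syscall=49 success=no exit=-13 comm="systemd-resolve"
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
    r'\s+tclass=(?P<tclass>\S+)'
)
PORT_RE = re.compile(r'\bsrc=(\d+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize_denials(audit_text, comm="systemd-resolve"):
    """Count AVC denials per (permission, class, source type, target type, port).

    The kernel truncates comm to 15 characters, so systemd-resolved
    appears in audit records as "systemd-resolve".
    """
    counts = Counter()
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if m is None or m["comm"] != comm:
            continue
        port = PORT_RE.search(line)
        for perm in m["perms"].split():
            counts[(perm, m["tclass"], selinux_type(m["scontext"]),
                    selinux_type(m["tcontext"]),
                    port.group(1) if port else "-")] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize_denials(SAMPLE_AUDIT).items()):
        print(n, *key)
```

Each distinct tuple in the summary names the source domain, target type and permission that the policy refused, which is the detail a policy bug report needs.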

