[Bug 1200182] New: systemd-resolved cannot bind port 53
http://bugzilla.opensuse.org/show_bug.cgi?id=1200182

Bug ID: 1200182
Summary: systemd-resolved cannot bind port 53
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: openSUSE Tumbleweed
Status: NEW
Severity: Normal
Priority: P5 - None
Component: MicroOS
Assignee: kubic-bugs@opensuse.org
Reporter: paul@pbarker.dev
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

On a fresh installation of OpenSUSE MicroOS, I have attempted to switch to systemd-networkd and systemd-resolved to manage my network connections following the instructions in https://en.opensuse.org/Network_Management_With_Systemd. However, when trying to enable systemd-resolved I hit an error:

alpha:~ # systemctl enable --now systemd-resolved
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service → /usr/lib/systemd/system/systemd-resolved.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /usr/lib/systemd/system/systemd-resolved.service.
Job for systemd-resolved.service failed because the control process exited with error code.
See "systemctl status systemd-resolved.service" and "journalctl -xeu systemd-resolved.service" for details.

alpha:~ # journalctl -xeu systemd-resolved.service
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ Automatic restarting of the unit systemd-resolved.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: Stopped Network Name Resolution.
░░ Subject: A stop job for unit systemd-resolved.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit systemd-resolved.service has finished.
░░
░░ The job identifier is 1376 and the job result is done.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: Starting Network Name Resolution...
░░ Subject: A start job for unit systemd-resolved.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit systemd-resolved.service has begun execution.
░░
░░ The job identifier is 1376.
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Positive Trust Anchors:
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.>
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Using system hostname 'alpha.cephei.uk'.
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to process RTNL link message: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to process RTNL link message: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to process RTNL link message: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv6(UDP): Failed to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to listen on UDP socket 127.0.0.53:53: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: Failed to start manager: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv4(UDP): Failed to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd-resolved[1643]: LLMNR-IPv6(UDP): Failed to bind socket: Permission denied
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ An ExecStart= process belonging to unit systemd-resolved.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit systemd-resolved.service has entered the 'failed' state with result 'exit-code'.
Jun 02 21:51:19 alpha.cephei.uk systemd[1]: Failed to start Network Name Resolution.

It appears that the permission denied errors when systemd-resolved tried to bind port 53 are caused by SELinux. I confirmed that this is the case by disabling SELinux and retrying the command - this resulted in systemd-resolved successfully starting.

Therefore I think there is an error in the SELinux policy here - systemd-resolved should be able to bind port 53 on localhost to offer DNS resolution services.

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200182#c1

--- Comment #1 from Paul Barker <paul@pbarker.dev> ---
Ping on this - I've had no response in over a month.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200182#c3

Aaron Burnett <mullein@adelie.io> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mullein@adelie.io

--- Comment #3 from Aaron Burnett <mullein@adelie.io> ---
I'm experiencing this as well, and can confirm this seems to be related to SELinux. Setting SELinux to permissive mode allows resolved to work correctly. I suppose the policy needs to be updated?
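
The thread attributes the bind failures to SELinux by disabling it or switching to permissive mode; the audit log can show the same thing while enforcement stays on. The sketch below is an added example, not part of the original report or comments: it groups AVC denials for the resolver process from constructed audit.log lines, and the SELinux type names and record contents are illustrative assumptions, not values from the reporter's system.

```python
import re
from collections import defaultdict

# Constructed audit.log records (not from the reporter's machine); the SELinux
# type names are illustrative assumptions. comm is truncated to 15 characters.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1654203079.101:410): avc:  denied  { name_bind } for  pid=1643 comm="systemd-resolve" src=53 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket permissive=0
type=AVC msg=audit(1654203079.102:411): avc:  denied  { name_bind } for  pid=1643 comm="systemd-resolve" src=5355 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:llmnr_port_t:s0 tclass=udp_socket permissive=0
type=AVC msg=audit(1654203080.007:412): avc:  denied  { read } for  pid=1700 comm="sshd" name="shadow" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1654203300.500:498): avc:  denied  { name_bind } for  pid=1802 comm="systemd-resolve" src=53 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    return rec


def summarize_denials(log_text, comm):
    """Group one command's denials by (source type, target type, class, permission)."""
    summary = defaultdict(lambda: {"count": 0, "enforced": 0, "ports": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("comm") != comm:
            continue
        base = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"])
        for perm in rec["perms"]:
            entry = summary[base + (perm,)]
            entry["count"] += 1
            # permissive=0: the access was actually blocked; permissive=1: logged only
            entry["enforced"] += rec.get("permissive") == "0"
            if "src" in rec:
                entry["ports"].add(int(rec["src"]))
    return dict(summary)


if __name__ == "__main__":
    for key, info in summarize_denials(SAMPLE_AUDIT_LOG, "systemd-resolve").items():
        print(key, info)
```

On a live system the same records can be pulled with `ausearch -m AVC`; each grouped tuple names the source type, target type, class and permission a policy fix would have to cover.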