I wiped those two directories and reinstalled firewalld.
myhost ~ # restic backup /etc/firewalld /usr/lib/firewalld
myhost ~ # rm -rf /etc/firewalld
myhost ~ # rm -rf /usr/lib/firewalld
myhost ~ # dnf reinstall firewalld
Still errors on firewall-cmd --state; the first time after wipe and reinstall is more verbose than the second run.
[root@myhost ~]# firewall-cmd --state
ERROR:dbus.proxies:Introspect error on :1.54:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
failed
[root@myhost ~]#
myhost ~ # firewall-cmd --state
failed
myhost ~ #
My /var/log/messages is getting huge sometimes, actually often, the dates seem confused when I tail and/or less - like from Oct weird. I don’t know if it’s related, seemed to crop up after hostname change yesterday, then again when I ran hostnamectl set-hostname redacted today. I’m pretty sure I ran it yesterday as is my habit but just to be sure.
myhost ~ # ll -h /var/log/messages*
-rw------- 1 root root 10M Dec 30 20:34 /var/log/messages
-rw------- 1 root root 274K Dec 5 02:24 /var/log/messages-20211205
-rw------- 1 root root 315K Dec 12 02:24 /var/log/messages-20211212
-rw------- 1 root root 252K Dec 19 02:24 /var/log/messages-20211219
-rw------- 1 root root 2.1M Dec 26 02:24 /var/log/messages-20211226
myhost ~ #
Anyway, I noticed Dec 30 18:54:06 redacted.new dbus-daemon[122]: [system] Rejected send message, 0 matched rules; type="error", sender=":1.40" (uid=0 pid=822 comm="/usr/libexec/platform-python -s /usr/sbin/firewall") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.E
Lots more ‘slice’ errors…
I installed polkit and rebooted. I have another Rocky instance on another VPS provider, where firewalld and crowdsec are working, that I am using for some comparisons. The working VM had polkit installed…
myhost ~ # cat /var/log/messages | grep 'Dec 30' | grep sbin
Dec 30 18:54:06 new.redacted.hostname dbus-daemon[122]: [system] Rejected send message, 0 matched rules; type="error", sender=":1.40" (uid=0 pid=822 comm="/usr/libexec/platform-python -s /usr/sbin/firewall") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.ServiceUnknown" requested_reply="0" destination=":1.51" (uid=0 pid=968 comm="/usr/libexec/platform-python -s /usr/bin/firewall-")
Dec 30 18:54:06 new.redacted.hostname dbus-daemon[122]: [system] Rejected send message, 0 matched rules; type="error", sender=":1.40" (uid=0 pid=822 comm="/usr/libexec/platform-python -s /usr/sbin/firewall") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.ServiceUnknown" requested_reply="0" destination=":1.51" (uid=0 pid=968 comm="/usr/libexec/platform-python -s /usr/bin/firewall-")
Dec 30 19:05:42 new.redacted.hostname dbus-daemon[122]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.59' (uid=0 pid=1644 comm="/usr/libexec/platform-python -s /usr/sbin/firewall")
Dec 30 19:08:25 new.redacted.hostname dbus-daemon[127]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.2' (uid=0 pid=129 comm="/usr/libexec/platform-python -s /usr/sbin/firewall")
Dec 30 19:16:24 new.redacted.hostname dbus-daemon[119]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.2' (uid=0 pid=120 comm="/usr/libexec/platform-python -s /usr/sbin/firewall")
myhost ~ #
An example of weird dates. I’m thinking of forcing a logrotate
myhost ~ # systemctl status user@1000
● user@1000.service - User Manager for UID 1000
Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset: disabled)
Active: failed (Result: protocol) since Thu 2021-12-30 20:54:50 MST; 1min 25s ago
Process: 2372 ExecStart=/usr/lib/systemd/systemd --user (code=exited, status=1/FAILURE)
Main PID: 2372 (code=exited, status=1/FAILURE)
Dec 30 20:54:50 new.redacted.hostname systemd[1]: Starting User Manager for UID 1000...
Dec 30 20:54:50 new.redacted.hostname systemd[2372]: pam_unix(systemd-user:session): session opened for user jeffa by (uid=0)
Dec 30 20:54:50 new.redacted.hostname systemd[1]: user@1000.service: Failed with result 'protocol'.
Dec 30 20:54:50 new.redacted.hostname systemd[1]: Failed to start User Manager for UID 1000.
Oct 15 04:12:20 old.redacted.hostname systemd[14224]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Oct 15 04:12:20 old.redacted.hostname systemd[14224]: Failed to allocate manager object: Permission denied
Aug 20 23:25:02 old.redacted.hostname systemd[194600]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Aug 20 23:25:02 old.redacted.hostname systemd[194600]: Failed to allocate manager object: Permission denied
Aug 20 23:25:02 old.redacted.hostname systemd[194601]: pam_unix(systemd-user:session): session closed for user jeffa
Dec 24 09:39:51 old.redacted.hostname systemd[142358]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Dec 24 09:39:51 old.redacted.hostname systemd[142358]: Failed to allocate manager object: Permission denied
Dec 26 14:02:20 old.redacted.hostname systemd[236186]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Dec 26 14:02:20 old.redacted.hostname systemd[236186]: Failed to allocate manager object: Permission denied
Dec 26 14:05:38 old.redacted.hostname systemd[236257]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Dec 26 14:05:38 old.redacted.hostname systemd[236257]: Failed to allocate manager object: Permission denied
Dec 27 08:55:23 old.redacted.hostname systemd[268377]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Dec 27 08:55:23 old.redacted.hostname systemd[268377]: Failed to allocate manager object: Permission denied
Dec 27 20:06:23 old.redacted.hostname systemd[280499]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Dec 27 20:06:23 old.redacted.hostname systemd[280499]: Failed to allocate manager object: Permission denied
Dec 27 20:06:23 old.redacted.hostname systemd[280500]: pam_unix(systemd-user:session): session closed for user jeffa
Dec 30 20:54:50 new.redacted.hostname systemd[2372]: Failed to create /user.slice/user-1000.slice/user@1000.service/init.scope control group: Permission denied
Dec 30 20:54:50 new.redacted.hostname systemd[2372]: Failed to allocate manager object: Permission denied
myhost ~ #
I feel I should perhaps fix this as I’ve seen some indication that the sbin/firewall command is failing related to the user@1000 problems… Perhaps I should start a new thread for that.