but do not have a corresponding chown of /run/systemd/resolve/netif. There is a chown for `chown systemd-resolve:systemd-resolve "$statedir/$ifindex"` in /etc/network/if-up.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved.
This system has been upgraded many, many times (at least since yakkety). dhclient is being used for this interface. ifupdown is installed.
I adjusted both /etc/network/if-up.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved to have
chown systemd-resolve:systemd-resolve "$statedir"
after the `mkdir -p $statedir`, then rebooted and the directory has the correct permissions. `journalctl --unit systemd-resolved.service` doesn't show the 'systemd-resolved[19095]: Failed to save link data /run/systemd/resolve/netif/3: Permission denied' errors on boot any more either.
UPDATE: my system uses NetworkManager which is what spawns dhclient. I noticed that if I purged the `ifupdown` package from universe (my system was using netplan and not /etc/network/interfaces already, so this was a safe operation for me), removed the chown I added to the /etc/dhcp/dhclient-exit-hooks.d/resolved and rebooted, the directory had the correct permissions. I think what is happening is that in the ifupdown case, something early in boot was calling /etc/network/if-up.d/resolved which created the directory with the wrong permissions, but with NetworkManager as the netplan renderer, the dhclient script is called later and the dir is created correctly. This feels racy and I believe the isc-dhcp-client package should be updated to include the chown.
As ifupdown is in universe, I'll prepare an upload for it that includes the chown which will hopefully help people who upgrade who happen to have it installed.
I grep'd for 'netif' in /etc and noticed:
$ sudo grep -r netif /etc
/etc/network/if-down.d/resolved:statedir=/run/systemd/resolve/netif
/etc/network/if-up.d/resolved:statedir=/run/systemd/resolve/netif
/etc/dhcp/dhclient-exit-hooks.d/resolved:statedir=/run/systemd/resolve/netif
/etc/network/if-up.d/resolved, /etc/network/if-down.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved all have code like this:
statedir=/run/systemd/resolve/netif
mkdir -p $statedir
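The gap described in the report can be checked for statically. The following is an added example, not part of the original report or of the packaged hook scripts: it flags a hook that runs `mkdir -p $statedir` but only chowns `"$statedir/$ifindex"`, never the directory itself. The function names are hypothetical and the two sample hooks are constructed from the snippets quoted in the report.

```sh
#!/bin/sh
# Added example: flag hook scripts that create $statedir without chowning
# the directory itself (a chown of "$statedir/$ifindex" does not count).

# Returns 0 if FILE creates $statedir but never chowns it, 1 otherwise.
statedir_chown_missing() {
    file=$1
    # Does the script create the state directory at all?
    grep -Eq 'mkdir[[:space:]]+-p[[:space:]]+"?\$statedir"?[[:space:]]*$' "$file" || return 1
    # A chown whose target is exactly $statedir (optionally quoted), at end of line.
    if grep -Eq 'chown[[:space:]]+[^[:space:]]+[[:space:]]+"?\$statedir"?[[:space:]]*$' "$file"; then
        return 1
    fi
    return 0
}

# Constructed sample hooks, modelled on the snippets quoted in the report.
make_samples() {
    dir=$1
    cat > "$dir/unfixed" <<'EOF'
statedir=/run/systemd/resolve/netif
mkdir -p $statedir
chown systemd-resolve:systemd-resolve "$statedir/$ifindex"
EOF
    cat > "$dir/fixed" <<'EOF'
statedir=/run/systemd/resolve/netif
mkdir -p $statedir
chown systemd-resolve:systemd-resolve "$statedir"
chown systemd-resolve:systemd-resolve "$statedir/$ifindex"
EOF
}

# Prints the names of hooks in DIR that still lack the directory chown.
audit_hooks() {
    for f in "$1"/*; do
        if statedir_chown_missing "$f"; then basename "$f"; fi
    done
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_hooks "$tmp"
rm -rf "$tmp"
```

On an affected system the same function can be pointed at /etc/network/if-up.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved directly.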