Comment 15 for bug 1896772

Jamie Strandboge (jdstrand) wrote:

I grep'd for 'netif' in /etc and noticed:

$ sudo grep -r netif /etc
/etc/network/if-down.d/resolved: statedir=/run/systemd/resolve/netif
/etc/network/if-up.d/resolved: statedir=/run/systemd/resolve/netif
/etc/dhcp/dhclient-exit-hooks.d/resolved: statedir=/run/systemd/resolve/netif

/etc/network/if-up.d/resolved, /etc/network/if-down.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved all have code like this:

statedir=/run/systemd/resolve/netif
mkdir -p $statedir

but do not have a corresponding chown of /run/systemd/resolve/netif. There is a chown for `chown systemd-resolve:systemd-resolve "$statedir/$ifindex"` in /etc/network/if-up.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved.

This system has been upgraded many, many times (at least since yakkety). dhclient is being used for this interface. ifupdown is installed.

I adjusted both /etc/network/if-up.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved to have

  chown systemd-resolve:systemd-resolve "$statedir"

after the `mkdir -p $statedir`, then rebooted and the directory has the correct permissions. `journalctl --unit systemd-resolved.service` doesn't show the 'systemd-resolved[19095]: Failed to save link data /run/systemd/resolve/netif/3: Permission denied' errors on boot any more either.

UPDATE: my system uses NetworkManager which is what spawns dhclient. I noticed that if I purged the `ifupdown` package from universe (my system was using netplan and not /etc/network/interfaces already, so this was a safe operation for me), removed the chown I added to the /etc/dhcp/dhclient-exit-hooks.d/resolved and rebooted, the directory had the correct permissions. I think what is happening is that in the ifupdown case, something early in boot was calling /etc/network/if-up.d/resolved which created the directory with the wrong permissions, but with NetworkManager as the netplan renderer, the dhclient script is called later and the dir is created correctly. This feels racy and I believe the isc-dhcp-client package should be updated to include the chown.

As ifupdown is in universe, I'll prepare an upload for it that includes the chown which will hopefully help people who upgrade who happen to have it installed.
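
The check described in the comment above, as an added example that is not part of the original comment or of any package's code: it flags a hook script that runs `mkdir -p $statedir` without a chown of `$statedir` itself. The function names and the sample files are hypothetical and constructed from the lines quoted in the comment.

```shell
#!/bin/sh
# Added example: audit resolved hook scripts for the pattern in the comment.

# Returns 0 when FILE creates $statedir with "mkdir -p" but has no chown of
# $statedir itself (a chown of "$statedir/$ifindex" does not count);
# returns 1 when the chown is present or the mkdir is absent.
hook_missing_statedir_chown() {
    ws='[[:space:]]'
    dir='"?\$\{?statedir\}?"?'
    grep -Eq "^$ws*mkdir$ws+-p$ws+$dir$ws*\$" "$1" || return 1
    if grep -Eq "^$ws*chown$ws+[^[:space:]]+$ws+$dir$ws*\$" "$1"; then
        return 1
    fi
    return 0
}

# Prints every flagged hook; returns 0 when none is flagged, 1 otherwise.
# Unreadable or missing files are skipped.
audit_hooks() {
    findings=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        if hook_missing_statedir_chown "$f"; then
            echo "missing chown of \$statedir: $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed samples (not the real hook files): the quoted pattern before
# and after adding the chown of the directory.
write_samples() {
    printf '%s\n' 'statedir=/run/systemd/resolve/netif' 'mkdir -p $statedir' \
        'chown systemd-resolve:systemd-resolve "$statedir/$ifindex"' \
        > "$1/before"
    printf '%s\n' 'statedir=/run/systemd/resolve/netif' 'mkdir -p $statedir' \
        '  chown systemd-resolve:systemd-resolve "$statedir"' \
        'chown systemd-resolve:systemd-resolve "$statedir/$ifindex"' \
        > "$1/after"
}

# Stand-alone use: pass the hook paths named in the comment as arguments.
[ "$#" -eq 0 ] || audit_hooks "$@"
```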