Re: [systemd-devel] Permissions problems with systemd-networkd and others.

2024-02-12 Thread Cristian Rodríguez
On Wed, Feb 7, 2024 at 5:42 PM Murrell, Robert A. 
wrote:

> I finally got everything working.  Here is what I did to fix the problem:
>
>
>
> adduser systemd-network root
>
> adduser systemd-resolve root
>
> adduser bind root
>
> find /etc -type d -exec chmod 755 {} +
>

No!.. Now you are breaking the security model.. step by step´towards the
cliff..

users need to be created correctly, a well-known way is by using
systemd-sysusers.


Re: [systemd-devel] Permissions problems with systemd-networkd and others.

2024-02-07 Thread Dave Howorth
On Wed, 7 Feb 2024 20:41:40 +
"Murrell, Robert A."  wrote:
> I finally got everything working.  Here is what I did to fix the
> problem:
> 
> adduser systemd-network root
> adduser systemd-resolve root
> adduser bind root
> find /etc -type d -exec chmod 755 {} +
> 
> I don’t know who does this on a full linux image.  I’m posting it
> here for the next person who has this problem. I would suggest that
> release testing include a minimal Linux image to support embedded and
> IoT devices.

I would have thought this is a question for your distro rather than for
systemd?
 
> Robert Murrell
> Embedded Software Engineer
> STANLEY Assembly Technologies
> 
> 2500 Meijer Dr., Troy, MI 48084
> T 248-677-9740
> robert.murr...@sbdinc.com |
> www.StanleyEngineeredFastening.com
> 
> [http://esignature.stanleyblackanddecker.com/images/stanleyengineeredfastening.png]
> 
> This email, including any attached files, is intended only for the
> person to whom or the entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance
> upon, this information by persons or entities other than the intended
> recipient is prohibited. If you received this in error, please
> contact the sender and delete the material from any computer.
> 
> 
> From: Murrell, Robert A. 
> Sent: Wednesday, February 7, 2024 11:43 AM
> To: systemd-devel@lists.freedesktop.org
> Subject: RE: Permissions problems with systemd-networkd and others.
> 
> I should have added that I am building a very stripped down image.
> These are the Debian packages that are being installed:
> 
> linux-image-6.2.0 - locally built
> firmware-imx-epdc - locally built
> firmware-imx-sdma - locally built
> firmware-imx-vpu - locally built
> firmware-realtek - locally built
> busybox
> locales
> u-boot-image-mspmb-2017.11 - locally built
> u-boot-tools-mspmb-2017.11 - locally built
> dosfstools
> openssl
> libmbedtls12
> gnutls-bin
> gdbserver
> socat
> fdisk
> nano
> ssh
> openvpn
> iwd
> iproute2
> nftables
> net-tools
> usbutils
> iputils-ping
> dnsutils
> isc-dhcp-server
> hostapd
> bind9
> wireless-tools
> wpasupplicant
> policykit-1
> weston
> kbd
> xwayland
> mesa-utils
> libdrm-etnaviv1
> chromium
> fonts-arphic-uming
> fonts-ipafont-mincho
> fonts-ipafont-gothic
> gstreamer1.0-plugins-good
> gstreamer1.0-plugins-bad
> gstreamer1.0-plugins-ugly
> v4l-utils
> kmod
> mono-runtime
> rng-tools
> cron
> 
> I installed policykit-1 after my first request, but it didn’t help.
> Also, here is an excerpt from the journal:
> 
> Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service:
> Scheduled restart job, restart counter is at 4. Jun 18 14:56:02
> mspmbsat systemd[1]: Stopped Network Service. Jun 18 14:56:02
> mspmbsat systemd[1]: Starting Network Service... Jun 18 14:56:02
> mspmbsat systemd[241]: systemd-networkd.service: Failed to
> execute /lib/systemd/systemd-networkd: Permission denied Jun 18
> 14:56:02 mspmbsat systemd[241]: systemd-networkd.service: Failed at
> step EXEC spawning /lib/systemd/systemd-networkd: Permission denied
> Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Main
> process exited, code=exited, status=203/EXEC Jun 18 14:56:02 mspmbsat
> systemd[1]: systemd-networkd.service: Failed with result 'exit-code'.
> 
> Jun 18 14:56:02 mspmbsat systemd[1]: Failed to start Network Service.
> 
> Is there some other package I need to install to get this to work?
> 
> Robert Murrell
> Embedded Software Engineer
> STANLEY Assembly Technologies
> 
> 2500 Meijer Dr., Troy, MI 48084
> T 248-677-9740
> robert.murr...@sbdinc.com |
> www.StanleyEngineeredFastening.com
> 
> [cid:image001.png@01DA59DB.CD6E9FE0]
> 
> This email, including any attached files, is intended only for the
> person to whom or the entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance
> upon, this information by persons or entities other than the intended
> recipient is prohibited. If you received this in error, please
> contact the sender and delete the material from any computer.
> 
> 
> From: Murrell, Robert A.
> mailto:robert.murr...@sbdinc.com>> Sent:
> Tuesday, February 6, 2024 4:44 PM To:
> systemd-devel@lists.freedesktop.org
> Subject: Permissions problems with systemd-networkd and others.
> 
> Greetings,
> 
> I’m attempting to update one of our products from Debian Stretch with
> Linux kernel 4.14 to Debian Bullseye with Linux kernel 6.2.0.  The
> target system is an ARM iMX6QP.  I’ve managed to build the kernel
> from the old .config file.  The image is built using ELBE builder and
> reprepro for local packages (not my choi

Re: [systemd-devel] Permissions problems with systemd-networkd and others.

2024-02-07 Thread Murrell, Robert A.
I finally got everything working.  Here is what I did to fix the problem:

adduser systemd-network root
adduser systemd-resolve root
adduser bind root
find /etc -type d -exec chmod 755 {} +

I don’t know who does this on a full linux image.  I’m posting it here for the 
next person who has this problem. I would suggest that release testing include 
a minimal Linux image to support embedded and IoT devices.

Robert Murrell
Embedded Software Engineer
STANLEY Assembly Technologies

2500 Meijer Dr., Troy, MI 48084
T 248-677-9740
robert.murr...@sbdinc.com | 
www.StanleyEngineeredFastening.com

[http://esignature.stanleyblackanddecker.com/images/stanleyengineeredfastening.png]

This email, including any attached files, is intended only for the person to 
whom or the entity to which it is addressed and may contain confidential and/or 
privileged material. Any review, retransmission, dissemination or other use of, 
or taking of any action in reliance upon, this information by persons or 
entities other than the intended recipient is prohibited. If you received this 
in error, please contact the sender and delete the material from any computer.


From: Murrell, Robert A. 
Sent: Wednesday, February 7, 2024 11:43 AM
To: systemd-devel@lists.freedesktop.org
Subject: RE: Permissions problems with systemd-networkd and others.

I should have added that I am building a very stripped down image.  These are 
the Debian packages that are being installed:

linux-image-6.2.0 - locally built
firmware-imx-epdc - locally built
firmware-imx-sdma - locally built
firmware-imx-vpu - locally built
firmware-realtek - locally built
busybox
locales
u-boot-image-mspmb-2017.11 - locally built
u-boot-tools-mspmb-2017.11 - locally built
dosfstools
openssl
libmbedtls12
gnutls-bin
gdbserver
socat
fdisk
nano
ssh
openvpn
iwd
iproute2
nftables
net-tools
usbutils
iputils-ping
dnsutils
isc-dhcp-server
hostapd
bind9
wireless-tools
wpasupplicant
policykit-1
weston
kbd
xwayland
mesa-utils
libdrm-etnaviv1
chromium
fonts-arphic-uming
fonts-ipafont-mincho
fonts-ipafont-gothic
gstreamer1.0-plugins-good
gstreamer1.0-plugins-bad
gstreamer1.0-plugins-ugly
v4l-utils
kmod
mono-runtime
rng-tools
cron

I installed policykit-1 after my first request, but it didn’t help.  Also, here 
is an excerpt from the journal:

Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Scheduled 
restart job, restart counter is at 4.
Jun 18 14:56:02 mspmbsat systemd[1]: Stopped Network Service.
Jun 18 14:56:02 mspmbsat systemd[1]: Starting Network Service...
Jun 18 14:56:02 mspmbsat systemd[241]: systemd-networkd.service: Failed to 
execute /lib/systemd/systemd-networkd: Permission denied
Jun 18 14:56:02 mspmbsat systemd[241]: systemd-networkd.service: Failed at step 
EXEC spawning /lib/systemd/systemd-networkd: Permission denied
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Main process 
exited, code=exited, status=203/EXEC
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Failed with 
result 'exit-code'.

Jun 18 14:56:02 mspmbsat systemd[1]: Failed to start Network Service.

Is there some other package I need to install to get this to work?

Robert Murrell
Embedded Software Engineer
STANLEY Assembly Technologies

2500 Meijer Dr., Troy, MI 48084
T 248-677-9740
robert.murr...@sbdinc.com | 
www.StanleyEngineeredFastening.com

[cid:image001.png@01DA59DB.CD6E9FE0]

This email, including any attached files, is intended only for the person to 
whom or the entity to which it is addressed and may contain confidential and/or 
privileged material. Any review, retransmission, dissemination or other use of, 
or taking of any action in reliance upon, this information by persons or 
entities other than the intended recipient is prohibited. If you received this 
in error, please contact the sender and delete the material from any computer.


From: Murrell, Robert A. 
mailto:robert.murr...@sbdinc.com>>
Sent: Tuesday, February 6, 2024 4:44 PM
To: 
systemd-devel@lists.freedesktop.org
Subject: Permissions problems with systemd-networkd and others.

Greetings,

I’m attempting to update one of our products from Debian Stretch with Linux 
kernel 4.14 to Debian Bullseye with Linux kernel 6.2.0.  The target system is 
an ARM iMX6QP.  I’ve managed to build the kernel from the old .config file.  
The image is built using ELBE builder and reprepro for local packages (not my 
choice).  This has been a very steep learning experience and I’m sure I have 
more tweaking to do.

I’m having a problem with systemd on startup.  System-networkd fails to run 
with the following error:

● systemd-networkd.service - Network Service
 Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; 
vendor preset: enabled)
 Active: failed (Result: exit-code) since Sun 2023-

Re: [systemd-devel] Permissions problems with systemd-networkd and others.

2024-02-07 Thread Murrell, Robert A.
I should have added that I am building a very stripped down image.  These are 
the Debian packages that are being installed:

linux-image-6.2.0 - locally built
firmware-imx-epdc - locally built
firmware-imx-sdma - locally built
firmware-imx-vpu - locally built
firmware-realtek - locally built
busybox
locales
u-boot-image-mspmb-2017.11 - locally built
u-boot-tools-mspmb-2017.11 - locally built
dosfstools
openssl
libmbedtls12
gnutls-bin
gdbserver
socat
fdisk
nano
ssh
openvpn
iwd
iproute2
nftables
net-tools
usbutils
iputils-ping
dnsutils
isc-dhcp-server
hostapd
bind9
wireless-tools
wpasupplicant
policykit-1
weston
kbd
xwayland
mesa-utils
libdrm-etnaviv1
chromium
fonts-arphic-uming
fonts-ipafont-mincho
fonts-ipafont-gothic
gstreamer1.0-plugins-good
gstreamer1.0-plugins-bad
gstreamer1.0-plugins-ugly
v4l-utils
kmod
mono-runtime
rng-tools
cron

I installed policykit-1 after my first request, but it didn’t help.  Also, here 
is an excerpt from the journal:

Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Scheduled 
restart job, restart counter is at 4.
Jun 18 14:56:02 mspmbsat systemd[1]: Stopped Network Service.
Jun 18 14:56:02 mspmbsat systemd[1]: Starting Network Service...
Jun 18 14:56:02 mspmbsat systemd[241]: systemd-networkd.service: Failed to 
execute /lib/systemd/systemd-networkd: Permission denied
Jun 18 14:56:02 mspmbsat systemd[241]: systemd-networkd.service: Failed at step 
EXEC spawning /lib/systemd/systemd-networkd: Permission denied
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Main process 
exited, code=exited, status=203/EXEC
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Failed with 
result 'exit-code'.

Jun 18 14:56:02 mspmbsat systemd[1]: Failed to start Network Service.

Is there some other package I need to install to get this to work?

Robert Murrell
Embedded Software Engineer
STANLEY Assembly Technologies

2500 Meijer Dr., Troy, MI 48084
T 248-677-9740
robert.murr...@sbdinc.com | 
www.StanleyEngineeredFastening.com

[http://esignature.stanleyblackanddecker.com/images/stanleyengineeredfastening.png]

This email, including any attached files, is intended only for the person to 
whom or the entity to which it is addressed and may contain confidential and/or 
privileged material. Any review, retransmission, dissemination or other use of, 
or taking of any action in reliance upon, this information by persons or 
entities other than the intended recipient is prohibited. If you received this 
in error, please contact the sender and delete the material from any computer.


From: Murrell, Robert A. 
Sent: Tuesday, February 6, 2024 4:44 PM
To: systemd-devel@lists.freedesktop.org
Subject: Permissions problems with systemd-networkd and others.

Greetings,

I’m attempting to update one of our products from Debian Stretch with Linux 
kernel 4.14 to Debian Bullseye with Linux kernel 6.2.0.  The target system is 
an ARM iMX6QP.  I’ve managed to build the kernel from the old .config file.  
The image is built using ELBE builder and reprepro for local packages (not my 
choice).  This has been a very steep learning experience and I’m sure I have 
more tweaking to do.

I’m having a problem with systemd on startup.  System-networkd fails to run 
with the following error:

● systemd-networkd.service - Network Service
 Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; 
vendor preset: enabled)
 Active: failed (Result: exit-code) since Sun 2023-06-18 14:56:02 UTC; 2h 
42min ago
TriggeredBy: ● systemd-networkd.socket
   Docs: man:systemd-networkd.service(8)
Process: 233 ExecStart=/lib/systemd/systemd-networkd (code=exited, 
status=203/EXEC)
   Main PID: 233 (code=exited, status=203/EXEC)
CPU: 109ms

Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Scheduled 
restart job, restart counter is at 5.
Jun 18 14:56:02 mspmbsat systemd[1]: Stopped Network Service.
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Start request 
repeated too quickly.
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Failed with 
result 'exit-code'.

Jun 18 14:56:02 mspmbsat systemd[1]: Failed to start Network Service.

Systemd-resolvd and named have similar problems.  Running the program manually 
(from root) gives me this error:

~# /lib/systemd/systemd-networkd
Failed to open configuration file '/etc/systemd/networkd.conf': Permission 
denied
Failed to parse configuration file: Permission denied
Enumeration completed

Networkd.conf has 644 permissions.  I have noticed that systemd-networkd now 
has its own group systemd-network.  I’ve tried doing several things like adding 
systemd-network to root group and vise-versa, setting permissions on all 
affected files and paths to 777 (undesirable), but I still can’t get it to run. 
 I get a little farther, but ultimately end up wit a Permission denied error 
somewhere.


  1.  What do I 

[systemd-devel] Permissions problems with systemd-networkd and others.

2024-02-06 Thread Murrell, Robert A.
Greetings,

I’m attempting to update one of our products from Debian Stretch with Linux 
kernel 4.14 to Debian Bullseye with Linux kernel 6.2.0.  The target system is 
an ARM iMX6QP.  I’ve managed to build the kernel from the old .config file.  
The image is built using ELBE builder and reprepro for local packages (not my 
choice).  This has been a very steep learning experience and I’m sure I have 
more tweaking to do.

I’m having a problem with systemd on startup.  System-networkd fails to run 
with the following error:

● systemd-networkd.service - Network Service
 Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; 
vendor preset: enabled)
 Active: failed (Result: exit-code) since Sun 2023-06-18 14:56:02 UTC; 2h 
42min ago
TriggeredBy: ● systemd-networkd.socket
   Docs: man:systemd-networkd.service(8)
Process: 233 ExecStart=/lib/systemd/systemd-networkd (code=exited, 
status=203/EXEC)
   Main PID: 233 (code=exited, status=203/EXEC)
CPU: 109ms

Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Scheduled 
restart job, restart counter is at 5.
Jun 18 14:56:02 mspmbsat systemd[1]: Stopped Network Service.
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Start request 
repeated too quickly.
Jun 18 14:56:02 mspmbsat systemd[1]: systemd-networkd.service: Failed with 
result 'exit-code'.

Jun 18 14:56:02 mspmbsat systemd[1]: Failed to start Network Service.

Systemd-resolvd and named have similar problems.  Running the program manually 
(from root) gives me this error:

~# /lib/systemd/systemd-networkd
Failed to open configuration file '/etc/systemd/networkd.conf': Permission 
denied
Failed to parse configuration file: Permission denied
Enumeration completed

Networkd.conf has 644 permissions.  I have noticed that systemd-networkd now 
has its own group systemd-network.  I’ve tried doing several things like adding 
systemd-network to root group and vise-versa, setting permissions on all 
affected files and paths to 777 (undesirable), but I still can’t get it to run. 
 I get a little farther, but ultimately end up wit a Permission denied error 
somewhere.


  1.  What do I need to do to get this working?
  2.  Why didn’t apt install properly configure it?

I can supply the elbe build log if that might help.  It is 2MB long.

Robert Murrell
Embedded Software Engineer
STANLEY Assembly Technologies

2500 Meijer Dr., Troy, MI 48084
T 248-677-9740
robert.murr...@sbdinc.com | 
www.StanleyEngineeredFastening.com

[http://esignature.stanleyblackanddecker.com/images/stanleyengineeredfastening.png]

This email, including any attached files, is intended only for the person to 
whom or the entity to which it is addressed and may contain confidential and/or 
privileged material. Any review, retransmission, dissemination or other use of, 
or taking of any action in reliance upon, this information by persons or 
entities other than the intended recipient is prohibited. If you received this 
in error, please contact the sender and delete the material from any computer.



This message and any attachments may contain Stanley Black & Decker 
confidential information. Any unauthorized review, use, disclosure or 
distribution of any such information is prohibited. If you are not the intended 
recipient, please contact the sender and delete all copies.

Este mensaje y los archivos adjuntos pueden contener informacion confidencial 
de Stanley Black & Decker. Se prohibe cualquier revision, uso, divulgacion o 
distribucion no autorizados de dicha informacion. Si no es el destinatario 
previsto, comuniquese con el remitente y elimine todas las copias.

本?件及其附件可能包含史丹利百得公司的保密信息。非?授?,任何人不得??、使用、披露或?播??信息。若?不是收件人,???系?件人并?除所有内容。??。