“polkit code=exited status=1/FAILURE” – PolicyKit se nepodařilo spustit v CentOS/RHEL 7 a 8

Problém

Nelze spustit službu polkitd, což zase ovlivňuje ostatní služby.

# systemctl restart polkit

** (pkttyagent:32189): WARNING **: 13:59:48.884: Unable to register authentication agent: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyKit1 was not provided by any .service files
Error registering authentication agent: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyKit1 was not provided by any .service files (g-dbus-error-quark, 2)
Job for polkit.service failed because the control process exited with error code. See "systemctl status polkit.service" and "journalctl -xe" for details.

# systemctl status polkit
● polkit.service - Authorization Manager
   Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2019-03-23 13:59:48 IST; 4min 13s ago
     Docs: man:polkit(8)
  Process: 32193 ExecStart=/usr/lib/polkit-1/polkitd --no-debug (code=exited, status=1/FAILURE)
 Main PID: 32193 (code=exited, status=1/FAILURE)

Mar 23 13:59:48 [hostname] systemd[1]: Starting Authorization Manager...
Mar 23 13:59:48 [hostname] systemd[1]: polkit.service: main process exited, code=exited, status=1/FAILURE
Mar 23 13:59:48 [hostname] systemd[1]: Failed to start Authorization Manager.
Mar 23 13:59:48 [hostname] systemd[1]: Unit polkit.service entered failed state.
Mar 23 13:59:48 [hostname] systemd[1]: polkit.service failed.

Řešení

Tento problém byl způsoben nesprávnými oprávněními pro soubory a adresáře související s polkitem. Polkit se používá pro kontrolu systémových oprávnění. Poskytuje organizovaný způsob komunikace neprivilegovaných procesů s privilegovanými. Na rozdíl od systémů, jako je sudo, neuděluje oprávnění root celému procesu, ale spíše umožňuje jemnější úroveň kontroly centralizované systémové politiky.

1. Ujistěte se, že je přítomen polkitd uživatel a skupina, pokud ne, zkuste znovu nainstalovat RPM:

# getent passwd polkitd
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
# getent group polkitd
polkitd:x:997:

2. Resetujte oprávnění a vlastnictví uživatele/skupiny pro všechny soubory poskytované balíčky polkit a polkit-pkla-compat:

# rpm -Va polkit
# rpm --setugids polkit polkit-pkla-compat
# rpm --setperms polkit polkit-pkla-compat

3. Zkontrolujte znovu, zda se problém znovu nevyskytl. Pokud ano, zkuste přeinstalovat/aktualizovat RPM na nejnovější verzi:

# yum reinstall polkit
...
Resolving Dependencies
--> Running transaction check
---> Package polkit.x86_64 0:0.112-18.0.1.el7 will be reinstalled
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================
 Package                          Arch                             Version                                     Repository                            Size
==========================================================================================================================================================
Reinstalling:
 polkit                           x86_64                           0.112-18.0.1.el7                            rhel7_latest                           168 k

Transaction Summary
==========================================================================================================================================================
Reinstall  1 Package

Total download size: 168 k
Installed size: 473 k
Is this ok [y/d/N]: y
Downloading packages:
polkit-0.112-18.0.1.el7.x86_64.rpm                                                                                                 | 168 kB  00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : polkit-0.112-18.0.1.el7.x86_64                                                                                                         1/1
  Verifying  : polkit-0.112-18.0.1.el7.x86_64                                                                                                         1/1

Installed:
  polkit.x86_64 0:0.112-18.0.1.el7

4. Ověřte stav služby dbus, pokud je zakázáno, restartujte službu:

#  systemctl status dbus
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: disabled)
   Active: active (running) since Fri 2019-03-22 20:56:05 IST; 17h ago
     Docs: man:dbus-daemon(1)
 Main PID: 13721 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─13721 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

Mar 23 13:57:09 [hostname] dbus[13721]: [system] Activating via systemd: service name='org.freedesktop.login1' unit='dbus-org.freedesktop.login1.service'
Mar 23 13:57:34 [hostname] dbus[13721]: [system] Failed to activate service 'org.freedesktop.login1': timed out
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied

Výše je služba spuštěna, ale povolení odepřeno je způsobeno tím, že služba polkitd není aktivní.

5. Spusťte službu polkitd s možností ladění:

# /usr/lib/polkit-1/polkitd
Error switcing to user polkitd: Error changing to home directory /: Permission denied <<<
Exiting with code 1

Zobrazená chyba je způsobena tím, že uživatel polkitd není schopen přepnout domovský adresář. Ověřte domovský adresář:

# cat /etc/passwd |grep polkitd
polkitd:x:999:998:User for polkitd:/:/sbin/nologin

Vidíte, že domovský adresář je "/", ověřte oprávnění /tmp, /home, /etc, /var, /bin, /run a /

# ls -l /
total 32
lrwxrwxrwx.   1 root root    7 Jan  2 20:11 bin -> usr/bin
dr-xr-xr-x.   4 root root 4096 Mar 22 20:54 boot
drwxr-xr-x.  87 root root 8192 Mar 23 14:07 etc
drwxr-xr-x.   3 root root   20 Jan  2 23:45 home
lrwxrwxrwx.   1 root root    7 Jan  2 20:11 lib -> usr/lib
lrwxrwxrwx.   1 root root    9 Jan  2 20:11 lib64 -> usr/lib64
dr-xr-x---.   8 root root 4096 Mar 14 21:01 root
drwxr-xr-x.  30 root root 1000 Mar 23 14:07 run
lrwxrwxrwx.   1 root root    8 Jan  2 20:11 sbin -> usr/sbin
drwxr-xr-x.  19 root root 4096 Jan  2 20:19 var

# ls -ld /
drwx------. 17 root root 4096 Jan  2 20:17 /

6. Oprávnění zobrazené v "/" je 700 místo 555, opravte a restartujte službu:

# ls -ld /
drwx------. 17 root root 4096 Jan  2 20:17 /

# chmod 555 /

# ls -ld
dr-xr-xr-x. 17 root root 4096 Jan  2 20:17 .

# systemctl start  polkit
# systemctl status polkit
● polkit.service - Authorization Manager
   Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
   Active: active (running) since Sat 2019-03-23 14:47:16 IST; 48s ago
     Docs: man:polkit(8)
 Main PID: 2186 (polkitd)
   CGroup: /system.slice/polkit.service
           └─2186 /usr/lib/polkit-1/polkitd --no-debug

Mar 23 14:47:16 [hostname] polkitd[2186]: Loading rules from directory /usr/share/polkit-1/rules.d
Mar 23 14:47:16 [hostname] polkitd[2186]: Finished loading, compiling and executing 3 rules
Mar 23 14:47:16 [hostname] systemd[1]: Started Authorization Manager.
Mar 23 14:47:16 [hostname] polkitd[2186]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Mar 23 14:47:16 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2181:6445595 (system bus name :1.145 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:16 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2181:6445595 (system bus name :1.145, object path /org/f...from bus)
Mar 23 14:47:40 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2216:6448064 (system bus name :1.147 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:40 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2216:6448064 (system bus name :1.147, object path /org/f...from bus)
Mar 23 14:47:55 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2234:6449521 (system bus name :1.148 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:55 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2234:6449521 (system bus name :1.148, object path /org/f...from bus)
Hint: Some lines were ellipsized, use -l to show in full.

Služba polkitd s informacemi o ladění:

# /usr/lib/polkit-1/polkitd
Successfully changed to user polkitd
14:55:06.874: Loading rules from directory /etc/polkit-1/rules.d
14:55:06.874: Loading rules from directory /usr/share/polkit-1/rules.d
14:55:06.875: Finished loading, compiling and executing 3 rules
Entering main event loop
Connected to the system bus
14:55:06.876: Lost the name org.freedesktop.PolicyKit1 - exiting
Shutting down
Exiting with code 0

Poznámka :Po změně se doporučuje restartovat uzel a ověřit systém, zda systém funguje bez problémů.