search

Samsung / nether

Application firewall enforcing network privileges in Tizen. It uses cynara as a policy backend and netfilter to manage network connections.
Apache License 2.0
3 stars 6 forks source link

Nether service fails on Samsung Artik (Tizen 3.0) #1

Open tatyanavolkova opened 7 years ago

tatyanavolkova commented 7 years ago

I have the following issue. I installed Tizen 3.0 on Samsung Artik 710. Nether service fails to load during the startup.

When I try to systemctl start nether.service

I get: Job for nether.service failed. See "systemctl status nether.service" and "journalctl -xe" for details.

The result of "systemctl status nether.service":

● nether.service - nether service
   Loaded: loaded (/usr/lib/systemd/system/nether.service; disabled; vendor preset: enabled)
   Active: failed (Result: start-limit) since Tue 2017-06-20 11:07:16 MSK; 2min 47s ago
  Process: 2729 ExecStartPost=/usr/sbin/ip6tables-restore /etc/nether/nether_ipv6.rules (code=exited, status=1/FAILURE)
  Process: 2728 ExecStart=/usr/bin/nether -l JOURNAL -P policy=/etc/nether/cynara.policy -B /etc/nether/file.policy -r /etc/nether/nether.rules (code=killed, signal=TERM)
 Main PID: 2728 (code=killed, signal=TERM)

Jun 20 11:07:16 artik systemd[1]: Failed to start nether service.
Jun 20 11:07:16 artik systemd[1]: Unit nether.service entered failed state.
Jun 20 11:07:16 artik systemd[1]: nether.service failed.
Jun 20 11:07:16 artik systemd[1]: nether.service holdoff time over, schedul...t.
Jun 20 11:07:16 artik systemd[1]: start request repeated too quickly for ne...ce
Jun 20 11:07:16 artik systemd[1]: Failed to start nether service.
Jun 20 11:07:16 artik systemd[1]: Unit nether.service entered failed state.
Jun 20 11:07:16 artik systemd[1]: nether.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

And on journalctl -xe:

Jun 20 11:07:16 artik systemd[1]: Unit nether.service entered failed state.
Jun 20 11:07:16 artik systemd[1]: nether.service failed.
Jun 20 11:07:16 artik systemd[1]: nether.service holdoff time over, scheduling r
Jun 20 11:07:16 artik systemd[1]: Cannot add dependency job for unit resize2fs@d
Jun 20 11:07:16 artik systemd[1]: Cannot add dependency job for unit resize2fs@d
Jun 20 11:07:16 artik systemd[1]: Cannot add dependency job for unit resize2fs@d
Jun 20 11:07:16 artik systemd[1]: start request repeated too quickly for nether.
Jun 20 11:07:16 artik systemd[1]: Failed to start nether service.
-- Subject: Unit nether.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit nether.service has failed.
--

What can be the problem?

piotrrsawicki commented 7 years ago

Probably, the problem is that your kernel doesn't support IPv6 (check if you have the /proc/net/if_inet6 file). The simple solution is to adjust the systemd configuration to get rid of applying nether_ipv6.rules. You can also recompile the kernel with appropriate options turned on. The code on GitHub is a little bit outdated. You can find the recent version of Nether on https://review.tizen.org/git/?p=platform/core/security/nether.git;a=summary