search

safing / portmaster

🏔 Love Freedom - ❌ Block Mass Surveillance
https://safing.io
GNU General Public License v3.0
9.36k stars 302 forks source link

Core service not starting after restart #482

Closed ghost closed 1 year ago

ghost commented 2 years ago

Pre-Submit Checklist:

What happened: After installing the portmaster, it would work as expected, but after a computer restart it would ask for a password to start the core service but would never start after the password was given

What did you expect to happen?: for the core service to start after the password was inputted

How did you reproduce it?: 1) uninstall the portmaster 2) install the portmaster rpm with zypper 3) run the portmaster and input the password 4) restart the computer 5) run the portmaster and enter the password 6) see the issue

Debug Information:

Version: 0.7.12 OS: openSUSE Tumbleweed 20211220 Kernel: 5.15.8-1

dhaavi commented 2 years ago

Hey @BobIsMyManager, thanks for reporting this!

It sounds like the core service is not starting on boot and when triggered by the UI. Can you paste the output of systemctl status portmaster?

ghost commented 2 years ago

Unit portmaster.service could not be found. even though the app does start on boot, just not the core service

dhaavi commented 2 years ago

It seems it hasn't installed correctly. Have you tried removing and installing again?

ghost commented 2 years ago

yes and it works when i reinstall it until my pc restarts where it stops working again

ghost commented 2 years ago

after i install it it says Additional rpm output: portmaster: Configuring portmaster.service to launch at boot Created symlink /etc/systemd/system/multi-user.target.wants/portmaster.service -> /opt/safing/portmaster/portmaster.service. Created symlink /etc/systemd/system/portmaster.service -> /opt/safing/portmaster/portmaster.service. chcon: can't apply partial context to unlabeled file '/opt/safing/portmaster/portmaster-start' warning: %post(portmaster-0:0.7.0~1-1.x86_64) scriptlet failed, exit status 1

VottonDev commented 2 years ago

Sounds like chcon is applying the wrong SELinux context, so probably can try manually changing it to see if it works or possibly using semanage to relabel the file.

Haven't particularly dealt with openSUSE, but could possibly help you.

dhaavi commented 2 years ago

We are currently investigating some SELinux stuff, hopefully we'll have an update on this soon.

Tracking internally at CC#2168.

ghost commented 2 years ago

I also now seem to have an issue where similarly to #487, the GUI of the app wont start. The output of trying to start the app with /opt/safing/portmaster/portmaster-start app is: Error: please set the data directory using --data=/path/to/data/dir

ghost commented 2 years ago

And once i set the data directory using sudo /opt/safing/portmaster/portmaster-start --data=/opt/safing/portmaster app, this is what happens

[control] 2022/02/06 21:11:39 app/portmaster-app.zip failed with: could not get component: the requested file is not available locally
[control] 2022/02/06 21:11:41 app/portmaster-app.zip failed with: could not get component: the requested file is not available locally
[control] 2022/02/06 21:11:45 updating registry index
[control] 2022/02/06 21:11:45 app/portmaster-app.zip failed with: could not get component: the requested file is not available locally
[control] 2022/02/06 21:11:51 updating registry index
[control] 2022/02/06 21:11:51 app/portmaster-app.zip failed with: could not get component: the requested file is not available locally
[control] 2022/02/06 21:11:59 updating registry index
[control] 2022/02/06 21:11:59 app/portmaster-app.zip failed with: could not get component: the requested file is not available locally
[control] 2022/02/06 21:11:59 encountered 5 consecutive errors, giving up ...
Error: could not get component: the requested file is not available locally

edit: this was fixed after an update

ghost commented 2 years ago

Ive managed to collect more info to try help you guys out:

  1. After starting the portmaster, Error: connect ECONNREFUSED 127.0.0.1:817 keeps appearing in the terminal infinitely

  2. After pressing start core service and entering the root password, this error appears

    Error occurred in handler for 'api.startService': {
error: Error: Command failed: cd "/home/BIMM"; "/usr/bin/pkexec" --disable-internal-agent /bin/bash -c "echo SUDOPROMPT; systemctl start portmaster.service --no-pager"
Failed to start portmaster.service: Unit portmaster.service not found.

  at ChildProcess.exithandler (child_process.js:317:12)
  at ChildProcess.emit (events.js:315:20)
  at maybeClose (internal/child_process.js:1048:16)
  at Socket.<anonymous> (internal/child_process.js:439:11)
  at Socket.emit (events.js:315:20)
  at Pipe.<anonymous> (net.js:673:12) {
killed: false,
code: 5,
signal: null,
cmd: 'cd "/home/BIMM"; "/usr/bin/pkexec" --disable-internal-agent /bin/bash -c "echo SUDOPROMPT; systemctl start portmaster.service --no-pager"'
},
stdout: '',
stderr: 'Failed to start portmaster.service: Unit portmaster.service not found.\n'
}

  3. When the portmaster starts and when the root password is entered, this appears

    (portmaster-app_v0-2-2:2972): LIBDBUSMENU-GLIB-WARNING **: 22:13:22.002: About to Show called on an item wihtout submenus.  We're ignoring it.

Hopefully this can help you guys figure out whats causing this issue 😃

dhaavi commented 2 years ago

It looks like you're still missing the portmaster.service file. Can you try following the manual install instructions from here?

ghost commented 2 years ago

This is what happens when i run sudo /opt/safing/portmaster/portmaster-start core. Here is a snippet of what is being spammed in console

220211 17:41:04.685 les/worker:098 ▶ INFO 620 nameserver: service-worker dns resolver requested restart: stopped conflicting name service with pid 718 - restarting now
220211 17:41:04.685 r/takeover:118 ▶ WARN 621 nameserver: killed conflicting service with PID 718 over [::1]:53

https://user-images.githubusercontent.com/70704875/153641629-378e4275-4932-4419-a665-b8dc67dcaec6.mov

dhaavi commented 2 years ago

It looks like you have another service running on port 53 - is it possible to disable that?

Also, the Portmaster should not go into a loop like this, will investigate.

ghost commented 2 years ago

I disabled the service on port 53 and now things seem to work now! Screenshot_20220211_175935

ghost commented 2 years ago

It seems that when I start the core service by pressing the button on the portmaster, it doesnt work, but when I start it manually in the command line, it does work.

ghost commented 2 years ago

Another weird bug that seems to be related to this issue (this happens every time I restart my system):

20220326_12h58m24s_grim

And when trying to execute sudo chcon -t bin_t /opt/safing/portmaster/portmaster-start to fix this according to the portmaster docs, I get this error:

chcon: can't apply partial context to unlabeled file '/opt/safing/portmaster/portmaster-start'
dhaavi commented 2 years ago

I disabled the service on port 53 and now things seem to work now!

Great!

It seems that when I start the core service by pressing the button on the portmaster, it doesnt work, but when I start it manually in the command line, it does work.

How are you trying to start it?

Another weird bug that seems to be related to this issue (this happens every time I restart my system):

The Portmaster is a system service, so you might need to use sudo systemctl status portmaster.

And when trying to execute sudo chcon -t bin_t /opt/safing/portmaster/portmaster-start to fix this according to the portmaster docs, I get this error:

We are still getting this (SELinux) sorted out and we will update the docs when ready.

ghost commented 2 years ago

How are you trying to start it?

When starting the core service with sudo /opt/safing/portmaster/portmaster-start core or sudo systemctl enable --now portmaster it works as intended, but when trying to start it by pressing the button below, nothing happens. 20220328_17h50m11s_grim

The Portmaster is a system service, so you might need to use sudo systemctl status portmaster.

The same thing still happens 20220328_17h51m38s_grim

ppacher commented 2 years ago

Edited: sorry I didn't read through the whole issue comments so my comment didn't apply. I'll try to reproduce the systemctl issue. This is really weird since systemd does find the service file when trying to enable it.

Can you post the output of ls -lah /etc/systemd/system/portmaster.service please?

ghost commented 2 years ago

Can you post the output of ls -lah /etc/systemd/system/portmaster.service please?

lrwxrwxrwx 1 root root 41 Mar 25 17:56 /etc/systemd/system/portmaster.service -> /opt/safing/portmaster/portmaster.service

ghost commented 2 years ago

Now when executing sudo systemctl --user start portmaster I get the response: Failed to connect to bus: No medium found

EDIT: using sudo systemctl enable --now portmaster works fine

ppacher commented 2 years ago

Is this still an issue?

ghost commented 2 years ago

Probably, some things have changed over time so I'll get back to you on that once I update portmaster.

ghost commented 2 years ago

Yep, the issue is still here. When using the guide for SELinux, there are no entries when running journalctl -u portmaster. Plus, when running sudo chcon -t bin_t /opt/safing/portmaster/portmaster-start, I get there response:

chcon: can't apply partial context to unlabeled file '/opt/safing/portmaster/portmaster-start'
github-actions[bot] commented 1 year ago

Auto-closing this issue after waiting for input for a month. If anyone finds the time to provide the requested information, please re-open the issue and we will continue handling it.