Starting Shorewall using systemctl fails with the error message as
below. Starting from command line succeeds. I''ve tried changing the
permissions on the /var/lib/shorewall folder to 777 but no change. The
temp file isn''t present after the error so I don''t know if the
permission issue is related to that. Selinux is disabled.
I''m new to FC18 and systemctl so apologies if this is not a Shorewall
issue as such, but I can''t see where to go next.
Thanks,
shorewall.service - Shorewall IPv4 firewall
Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled)
Active: failed (Result: exit-code) since Wed, 2013-05-01 11:33:16
NZST; 1min 27s ago
Process: 5178 ExecStart=/sbin/shorewall $OPTIONS start
(code=exited, status=13)
CGroup: name=systemd:/system/shorewall.service
May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]:
Applying Policies...
May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]:
Compiling /usr/share/shorewall/action.Drop for chain Drop...
May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]:
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]:
Generating Rule Matrix...
May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]:
Creating iptables-restore input...
May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]:
ERROR: Cannot Rename /var/lib/shorewall/tempfileN4TP to
/var/lib/shorewall/.start: Permission denied
May 01 11:33:16 spare-millgate.wpi-international.co.nz logger[5446]:
ERROR:Shorewall start failed
May 01 11:33:16 spare-millgate.wpi-international.co.nz systemd[1]:
shorewall.service: main process exited, code=exited, status=13/n/a
May 01 11:33:16 spare-millgate.wpi-international.co.nz systemd[1]:
Failed to start Shorewall IPv4 firewall.
May 01 11:33:16 spare-millgate.wpi-international.co.nz systemd[1]: Unit
shorewall.service entered failed state
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
Tom Eastep
2013-May-01 00:10 UTC
Re: Shorewall 4.5.15 fails to start using systemctl on FC18
On 04/30/2013 05:01 PM, Dave Green wrote:> Starting Shorewall using systemctl fails with the error message as > below. Starting from command line succeeds. I''ve tried changing the > permissions on the /var/lib/shorewall folder to 777 but no change. The > temp file isn''t present after the error so I don''t know if the > permission issue is related to that. Selinux is disabled. > > I''m new to FC18 and systemctl so apologies if this is not a Shorewall > issue as such, but I can''t see where to go next. > > Thanks, > > shorewall.service - Shorewall IPv4 firewall > Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled) > Active: failed (Result: exit-code) since Wed, 2013-05-01 11:33:16 > NZST; 1min 27s ago > Process: 5178 ExecStart=/sbin/shorewall $OPTIONS start > (code=exited, status=13) > CGroup: name=systemd:/system/shorewall.service > > May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]: > Applying Policies... > May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]: > Compiling /usr/share/shorewall/action.Drop for chain Drop... > May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]: > Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast... > May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]: > Generating Rule Matrix... > May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]: > Creating iptables-restore input... > May 01 11:33:16 spare-millgate.wpi-international.co.nz shorewall[5178]: > ERROR: Cannot Rename /var/lib/shorewall/tempfileN4TP to > /var/lib/shorewall/.start: Permission denied > May 01 11:33:16 spare-millgate.wpi-international.co.nz logger[5446]: > ERROR:Shorewall start failed > May 01 11:33:16 spare-millgate.wpi-international.co.nz systemd[1]: > shorewall.service: main process exited, code=exited, status=13/n/a > May 01 11:33:16 spare-millgate.wpi-international.co.nz systemd[1]: > Failed to start Shorewall IPv4 firewall. > May 01 11:33:16 spare-millgate.wpi-international.co.nz systemd[1]: Unit > shorewall.service entered failed stateThis is undoubtedly an SELINUX issue, not a Shorewall issue. Use the SELINUX troubleshooting app to remedy. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1
Dave Green
2013-May-01 00:41 UTC
Re: Shorewall 4.5.15 fails to start using systemctl on FC18
On 1/05/2013 12:10 p.m., Tom Eastep wrote:> On 04/30/2013 05:01 PM, Dave Green wrote: >> Starting Shorewall using systemctl fails with the error message as >> below. Starting from command line succeeds. I''ve tried changing the >> permissions on the /var/lib/shorewall folder to 777 but no change. The >> temp file isn''t present after the error so I don''t know if the >> permission issue is related to that. Selinux is disabled. >> [...] > This is undoubtedly an SELINUX issue, not a Shorewall issue. Use the > SELINUX troubleshooting app to remedy. > > -Tom >Amazing what a small pointer in the right direction can do! Although I''d added SELINUX=disabled to the config file I''d completely overlooked the SELINUX=enforcing line earlier in the file. Thanks for your prompt support (and patience) as always, Tom. I''ll now return to my seat at the back of the class... ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1