Using NetworkManager and systemd-resolved, systemd-resolved needs manual restart after reboot

stylefish · August 21, 2025, 1:51pm

hi,

i’m using systemd-resolved with network manager. i’ve installed the systemd-resolved package and created a symlink to /etc/resolv.conf.

i want to use systemd-resolved because i need split DNS with VPN connections.

everything is working fine except one thing:

when i reboot my notebook systemd-resolved fails to start, see journalctl:

Aug 20 16:21:46 systemd[1]: Starting Network Name Resolution...
Aug 20 16:21:46 (resolved)[1023]: Failed to create destination mount point node '/run/systemd/mount-rootfs/var/tmp', ignoring: Permission denied
Aug 20 16:21:46 (resolved)[1023]: Failed to mount /run/systemd/unit-private-tmp/var-tmp to /run/systemd/mount-rootfs/var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1023]: systemd-resolved.service: Failed to set up mount namespacing: /var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1023]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: No such file or directory
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:46 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 1.
Aug 20 16:21:46 systemd[1]: Starting Network Name Resolution...
Aug 20 16:21:46 (resolved)[1029]: Failed to create destination mount point node '/run/systemd/mount-rootfs/var/tmp', ignoring: Permission denied
Aug 20 16:21:46 (resolved)[1029]: Failed to mount /run/systemd/unit-private-tmp/var-tmp to /run/systemd/mount-rootfs/var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1029]: systemd-resolved.service: Failed to set up mount namespacing: /var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1029]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: No such file or directory
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:46 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 2.
Aug 20 16:21:46 systemd[1]: Starting Network Name Resolution...
Aug 20 16:21:46 (resolved)[1034]: Failed to create destination mount point node '/run/systemd/mount-rootfs/var/tmp', ignoring: Permission denied
Aug 20 16:21:46 (resolved)[1034]: Failed to mount /run/systemd/unit-private-tmp/var-tmp to /run/systemd/mount-rootfs/var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1034]: systemd-resolved.service: Failed to set up mount namespacing: /var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1034]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: No such file or directory
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:46 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 3.
Aug 20 16:21:46 systemd[1]: Starting Network Name Resolution...
Aug 20 16:21:46 (resolved)[1038]: Failed to create destination mount point node '/run/systemd/mount-rootfs/var/tmp', ignoring: Permission denied
Aug 20 16:21:46 (resolved)[1038]: Failed to mount /run/systemd/unit-private-tmp/var-tmp to /run/systemd/mount-rootfs/var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1038]: systemd-resolved.service: Failed to set up mount namespacing: /var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1038]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: No such file or directory
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:46 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 4.
Aug 20 16:21:46 systemd[1]: Starting Network Name Resolution...
Aug 20 16:21:46 (resolved)[1097]: Failed to create destination mount point node '/run/systemd/mount-rootfs/var/tmp', ignoring: Permission denied
Aug 20 16:21:46 (resolved)[1097]: Failed to mount /run/systemd/unit-private-tmp/var-tmp to /run/systemd/mount-rootfs/var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1097]: systemd-resolved.service: Failed to set up mount namespacing: /var/tmp: No such file or directory
Aug 20 16:21:46 (resolved)[1097]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: No such file or directory
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:46 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Aug 20 16:21:46 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:46 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:47 systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Aug 20 16:21:47 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:47 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:47 systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Aug 20 16:21:47 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:47 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:47 systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Aug 20 16:21:47 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:47 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:48 systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Aug 20 16:21:48 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:48 systemd[1]: Failed to start Network Name Resolution.
Aug 20 16:21:52 systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Aug 20 16:21:52 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 20 16:21:52 systemd[1]: Failed to start Network Name Resolution.

weird thing is, when i’ve logged into my gnome session and open up a terminal and restart systemd-resolved via sudo systemctl restart systemd-resolved it starts fine and runs well.

has anyone an idea how to get systemd-resolved to directly start on boot without crashing?

the mentioned directories / files are present:

# ls -lah /usr/lib/systemd/systemd-resolved                                                                                                                                                                            
-rwxr-xr-x. 1 root root 563K Aug  4 10:54 /usr/lib/systemd/systemd-resolved
# ls -lah /var/tmp                                                                                                                                                                                                               
total 0
drwxrwxrwt. 1 root        root        2.2K Aug 21 15:31 .

except for this one:

# ls -lah /run/systemd/mount-rootfs/var/tmp                                                                                                                                                                                     
ls: cannot access '/run/systemd/mount-rootfs/var/tmp': No such file or directory

but i think i should not create directories in /run/systemd, right?

any help welcome
thanks and greetings

arvidjaar · August 21, 2025, 2:13pm

Show

ausearch -m avc -ts boot

stylefish · August 21, 2025, 10:22pm

# sudo ausearch -m avc -ts boot
<no matches>

arvidjaar · August 22, 2025, 4:20am

It is still possible that AVCs are hidden by default. Are you using SELinux?

sestatus

stylefish · August 22, 2025, 7:58am

yes, its enabled:

# sudo sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      34

arvidjaar · August 22, 2025, 8:12am

OK, change to

SELINUX=permissive

in /etc/selinux/config and reboot. Is there any difference?

stylefish · August 22, 2025, 3:28pm

yes, when i disable (?) selinux with permissive, as you suggested, then it works.

is it possible to re-enable the default setting and also make systemd-resolved work directly after boot?

edit:

this is the output of sestatus:

# sudo sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      34

stylefish · August 22, 2025, 3:42pm

i’ve re-enabled enforcing and now systemd-resolved starts without problems…

arvidjaar · August 22, 2025, 5:31pm

Did you verify that after reboot SELinux is again in enforcing mode?

stylefish · August 23, 2025, 9:17am

# sudo sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      34

it seems like it…

arvidjaar · August 23, 2025, 11:50am

It sounds like a race condition on boot (some service now starts before systemd-resolved and does whatever it was not able to do) and it is still unclear whether it was SELinux issue or not. If it happens again you may try

semodule -DB

It will enable logging of all rules that are normally silent. There will be a lot of them. To revert back to the normal behavior just do

semodule -B

I am not sure whether semodule is part of the default install.

stylefish · August 25, 2025, 9:35am

i will have a look and check if the issue occurs again. thank you for your time and suggestions!

fbonazzi · August 27, 2025, 3:25pm

FYI this is an actual bug tracked in https://bugzilla.suse.com/show_bug.cgi?id=1237515 , it is being worked on

system · September 26, 2025, 3:26pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.