PolicyKit failing to start with error: polkit.service: main process exited, code=exited, status=1/FAILURE

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7

Issue

  • Commands are failing or timing out (after 10 minutes) with dbus and polkit / PolicyKit errors, e.g.:

    dbus-daemon: dbus[996]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service'
    dbus[996]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service'
    systemd: Starting Authorization Manager...
    systemd: polkit.service: main process exited, code=exited, status=1/FAILURE
    systemd: Failed to start Authorization Manager.
    systemd: Unit polkit.service entered failed state.
    dbus-daemon: dbus[996]: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out
    dbus[996]: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out
    

Resolution

  1. Ensure the existence of a polkitd system user & group
    Copy/paste the following 2 compound-commands to a root terminal to check for and conditionally create the user/group

    getent group polkitd >/dev/null && echo -e "\e[1;32mpolkitd group already exists\e[0m" || { groupadd -r polkitd && echo -e "\e[1;33mAdded missing polkitd group\e[0m" || echo -e "\e[1;31mAdding polkitd group FAILED\e[0m"; }
    getent passwd polkitd >/dev/null && echo -e "\e[1;32mpolkitd user already exists\e[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "\e[1;33mAdded missing polkitd user\e[0m" || echo -e "\e[1;31mAdding polkitd user FAILED\e[0m"; }
    
  2. Reset the permissions and user/group ownership for all files provided by the polkit and polkit-pkla-compat packages
    Copy/paste the following compound-command to a root terminal to check for and conditionally reset user/group perms & ownership

    rpm -Va polkit\* && echo -e "\e[1;32mpolkit* rpm verification passed\e[0m" || { echo -e "\e[1;33mResetting polkit* rpm user/group ownership & perms\e[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }
    
  3. Reboot
    A reboot of the machine will be required to make sure that all changes take affect and that polkit has reconnected to the dbus

    shutdown -r now
    
  4. Open a support case if there are still issues

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

5 Comments

This does not persist after a reboot, but may be related to ipv6 being disabled.

(For me, ipv6 was not disabled) Two RHEL 7.5 server edition systems of mine had issues with polkit after upgrading from my satellite from RHEL 7.5 to RHEL 7.6

My own fix, I did a yum -y reinstall polkit which initially didn't resolve, then I did a yumdownloader polkit, and I did a yum -y reinstall polkit-[currentversion,64bit].rpm which cured my issues on those 2 systems.

Monitoring this for more issues with RHEL 7.6 and will dig further.

-RJ

I have this problem, I've tried these steps. The problem occurs intermittently and this solution does not stop the problem from occurring.

same here.

this command is badly broken, encoding wise.

like:

\e[1;32m \e[0m