PolicyKit failing to start with error: polkit.service: main process exited, code=exited, status=1/FAILURE
Environment
- Red Hat Enterprise Linux 7
Issue
-
Commands are failing or timing out (after 10 minutes) with dbus and polkit / PolicyKit errors, e.g.:
dbus-daemon: dbus[996]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' dbus[996]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' systemd: Starting Authorization Manager... systemd: polkit.service: main process exited, code=exited, status=1/FAILURE systemd: Failed to start Authorization Manager. systemd: Unit polkit.service entered failed state. dbus-daemon: dbus[996]: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out dbus[996]: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out
Resolution
-
Ensure the existence of a
polkitdsystem user & group
Copy/paste the following 2 compound-commands to a root terminal to check for and conditionally create the user/groupgetent group polkitd >/dev/null && echo -e "\e[1;32mpolkitd group already exists\e[0m" || { groupadd -r polkitd && echo -e "\e[1;33mAdded missing polkitd group\e[0m" || echo -e "\e[1;31mAdding polkitd group FAILED\e[0m"; } getent passwd polkitd >/dev/null && echo -e "\e[1;32mpolkitd user already exists\e[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "\e[1;33mAdded missing polkitd user\e[0m" || echo -e "\e[1;31mAdding polkitd user FAILED\e[0m"; } -
Reset the permissions and user/group ownership for all files provided by the
polkitandpolkit-pkla-compatpackages
Copy/paste the following compound-command to a root terminal to check for and conditionally reset user/group perms & ownershiprpm -Va polkit\* && echo -e "\e[1;32mpolkit* rpm verification passed\e[0m" || { echo -e "\e[1;33mResetting polkit* rpm user/group ownership & perms\e[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; } -
Reboot
A reboot of the machine will be required to make sure that all changes take affect and that polkit has reconnected to the dbusshutdown -r now -
Open a support case if there are still issues
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
14 Comments
This does not persist after a reboot, but may be related to ipv6 being disabled.
(For me, ipv6 was not disabled) Two RHEL 7.5 server edition systems of mine had issues with polkit after upgrading from my satellite from RHEL 7.5 to RHEL 7.6
My own fix, I did a
yum -y reinstall polkitwhich initially didn't resolve, then I did a yumdownloader polkit, and I did ayum -y reinstall polkit-[currentversion,64bit].rpmwhich cured my issues on those 2 systems.Monitoring this for more issues with RHEL 7.6 and will dig further.
-RJ
I have this problem, I've tried these steps. The problem occurs intermittently and this solution does not stop the problem from occurring.
same here.
this command is badly broken, encoding wise.
like:
\e[1;32m \e[0m
I am with same issue. I reinstalled with Polkit package but no luck. Does anyone help me with this.
Same problem for me. I upgraded a bunch of machines from 7.4 to 7.6 and one of them has this exact problem. I've checked the entries in the password and group files and they are OK. They match other machines that have no problem. I verified the RPM packages, reinstalled polkit RPM, and rebooted the server. Nothing has fixed the issue.
In our case it had to do with dbus and automount and polkit stuff, but I wasn't able to fix it.
Eventually we reinstalled 2 boxes because of this.
Just like Tom Stocker mentioned, we had to manually adjust polkit's service target file to start before other services. I am curious why Red Hat couldn't have made polkit take precedence in this matter. Soo many systems that we've upgraded from 7.5 to 7.6 as a result of patching incurred this issue and only recently did we discover we had to manually edit (grrrr) polkit's service target file to accommodate something Red Hat ought to have resolved upon the upgrade of the polkit rpm. We did not have this issue before the upgrade to 7.6.
There's a bug on this anyone experiencing an issue with this, please submit a case with Red Hat because Red Hat scales priority based on customer interest, and if you add a rational impact (in a case), they'll respond in kind (even if you're not aware of it). Please see this solution for more details https://access.redhat.com/solutions/3900301
Here's the Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1531486 and it is worthwhile to read it
For what it's worth, patching firmware on the affected nodes seems to clear this problem. On our Dell servers, there are things in the firmware notes such as "Add support for RHEL7.6". I applied updates to BIOS, iDRAC, and Ethernet adapters and that seems to clear the problem. I can confirm that we do use NIS on these machines, and that is implicated in the linked bugzilla.
Take a look at this article (https://access.redhat.com/solutions/3550072) as this appeared to fix my issue According to the article, for RHEL 7 machines, /var/run MUST be a symlink '../run'. In my case, /var/run was a directory with no 'dbus' directory in there. Once I'd changed /var/run to a symlink pointing to ../run, I was able to start polkit.
Thanks, this solution has worked for me except last command:
shutdown -r nowThis above command didn't work for me as it was disallowed due to polkit service issue thus I had to execute the command:
rebootAfter server reboot issue got resolved.
Regards Charanjit Singh