Web lists-archives.com

RESOLVED: Sudden “operation not permitted”




On Wed, Apr 17, 2019 at 11:17:04AM +0300, Reco wrote:
> 	Hi.
> 
> On Wed, Apr 17, 2019 at 03:25:39PM +0900, Mark Fletcher wrote:
> > I decided to try a reboot, which cleared the upowerd problem and returned
> > load to 0 or close to it. But now, network activity is not working.
> 
> Seems like a coincidence to me.

You were right -- see below

> 
> 
> > Any attempt to ping an IP address (eg my router) results in “Operation not
> > permitted” even when run as root.
> 
> This. About the only known (for me, at least) way to achieve this is to
> send back ICMP Type 3 (Destination Unreachable) Code 9 or 10
> (network/host administratively prohibited).
> It *could* be a SELinux or Apparmor misconfiguration, of course, but
> we'll deal with it later.
> 
> The main question is, who sends ICMP back to your host.
> 

No one -- as it turns out. The cause turned out to be that recent 
changes I had made to this machine to support making its MTA available 
to my VPN introduced a buggy iptables startup script which left my 
iptables settings in a stupid state on boot (blocking EVERYTHING). I'd 
never have thought of that if you hadn't asked me for the output of 
iptables-save. Soon as my eye landed on "iptables" I was like, 
"ooooooooohhhhhhhhhhh, sh*t".

Fixing the bug in the startup script and rebooting (to make sure it will 
work next time) -- all is now well. No hardware fault, I'm very pleased 
to report.

I don't know what caused upowerd to go nuts and probably never will, but 
right now I'm just happy my machine is back up and running properly.

Thanks Reco

Mark