Simple systemd service to lift kernel lockdown - permission denied
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
0
So, I have spent a long time trying to fix a simple systemd service which can lift the kernel lockdown. After a lot of time spent researching and googling I couldn't find an answer to my question.
What I want is a script to run before an existing service called nbfc.service is run. I tried to do this by making a new service which calls this script before nbfc.service is called. My service file looks like this /etc/systemd/system/lift-kernel-lockdown.service:
[Unit]
Description=Disable kernel lockdown feature
Before=nbfc.service
[Service]
ExecStart=/opt/lift_kernel_lockdown.sh
Type=oneshot
[Install]
WantedBy=multi-user.target
The script I wrote looks like this /opt/lift_kernel_lockdown.sh:
#!/bin/bash -ex
DEFAULT_SYSRQ=$(sysctl -n kernel.sysrq)
sysctl -w kernel.sysrq=1
echo x > /proc/sysrq-trigger
sysctl -w kernel.sysrq=${DEFAULT_SYSRQ}
When I run the following command:
systemctl start lift-kernel-lockdown.service
I get the following output:
Job for lift-kernel-lockdown.service failed because the control process exited with error code.
See "systemctl status lift-kernel-lockdown.service" and "journalctl -xe" for details.
After this, I run the command:
systemctl status lift-kernel-lockdown.service
and I get the following output:
lift-kernel-lockdown.service - Disable kernel lockdown feature
Loaded: loaded (/etc/systemd/system/lift-kernel-lockdown.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2019-04-06 23:48:03 CEST; 2min 34s ago
Process: 5459 ExecStart=/opt/lift_kernel_lockdown.sh (code=exited, status=203/EXEC)
Main PID: 5459 (code=exited, status=203/EXEC)
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
When I run the command:
journalctl -xe
I get the output:
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Operator of unix-session:2 successfully authenticated as unix-user:david to gain TEMPORARY authorization for action org.freedesktop.systemd1.manage-u
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
-- Subject: Unit lift-kernel-lockdown.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has begun starting up.
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
-- Subject: Process /opt/lift_kernel_lockdown.sh could not be executed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The process /opt/lift_kernel_lockdown.sh could not be executed and failed.
--
-- The error number returned by this process is 13.
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: Exception in callback for signal: activate: Error: Error invoking IBus.set_global_engine_async: Expected function for callback argument callback, got u
setEngine@resource:///org/gnome/shell/misc/ibusManager.js:207:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
activateInputSource@resource:///org/gnome/shell/ui/status/keyboard.js:490:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
activate@resource:///org/gnome/shell/ui/status/keyboard.js:65:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_inputSourcesChanged@resource:///org/gnome/shell/ui/status/keyboard.js:620:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
reload@resource:///org/gnome/shell/ui/status/keyboard.js:369:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_ibusSetContentType@resource:///org/gnome/shell/ui/status/keyboard.js:691:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
_setContentType@resource:///org/gnome/shell/misc/ibusManager.js:183:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
-- Subject: Unit lift-kernel-lockdown.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has failed.
--
-- The result is RESULT.
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Unregistered Authentication Agent for unix-process:5450:312328 (system bus name :1.439, object path /org/freedesktop/PolicyKit1/AuthenticationAgent,
lines 2683-2736/2736 (END)
I truly have no idea where to go from here or how to solve it, I would truly appreciate the help from someone with knowledge about this.
kernel permissions systemd
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
add a comment |
0
So, I have spent a long time trying to fix a simple systemd service which can lift the kernel lockdown. After a lot of time spent researching and googling I couldn't find an answer to my question.
What I want is a script to run before an existing service called nbfc.service is run. I tried to do this by making a new service which calls this script before nbfc.service is called. My service file looks like this /etc/systemd/system/lift-kernel-lockdown.service:
[Unit]
Description=Disable kernel lockdown feature
Before=nbfc.service
[Service]
ExecStart=/opt/lift_kernel_lockdown.sh
Type=oneshot
[Install]
WantedBy=multi-user.target
The script I wrote looks like this /opt/lift_kernel_lockdown.sh:
#!/bin/bash -ex
DEFAULT_SYSRQ=$(sysctl -n kernel.sysrq)
sysctl -w kernel.sysrq=1
echo x > /proc/sysrq-trigger
sysctl -w kernel.sysrq=${DEFAULT_SYSRQ}
When I run the following command:
systemctl start lift-kernel-lockdown.service
I get the following output:
Job for lift-kernel-lockdown.service failed because the control process exited with error code.
See "systemctl status lift-kernel-lockdown.service" and "journalctl -xe" for details.
After this, I run the command:
systemctl status lift-kernel-lockdown.service
and I get the following output:
lift-kernel-lockdown.service - Disable kernel lockdown feature
Loaded: loaded (/etc/systemd/system/lift-kernel-lockdown.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2019-04-06 23:48:03 CEST; 2min 34s ago
Process: 5459 ExecStart=/opt/lift_kernel_lockdown.sh (code=exited, status=203/EXEC)
Main PID: 5459 (code=exited, status=203/EXEC)
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
When I run the command:
journalctl -xe
I get the output:
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Operator of unix-session:2 successfully authenticated as unix-user:david to gain TEMPORARY authorization for action org.freedesktop.systemd1.manage-u
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
-- Subject: Unit lift-kernel-lockdown.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has begun starting up.
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
-- Subject: Process /opt/lift_kernel_lockdown.sh could not be executed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The process /opt/lift_kernel_lockdown.sh could not be executed and failed.
--
-- The error number returned by this process is 13.
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: Exception in callback for signal: activate: Error: Error invoking IBus.set_global_engine_async: Expected function for callback argument callback, got u
setEngine@resource:///org/gnome/shell/misc/ibusManager.js:207:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
activateInputSource@resource:///org/gnome/shell/ui/status/keyboard.js:490:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
activate@resource:///org/gnome/shell/ui/status/keyboard.js:65:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_inputSourcesChanged@resource:///org/gnome/shell/ui/status/keyboard.js:620:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
reload@resource:///org/gnome/shell/ui/status/keyboard.js:369:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_ibusSetContentType@resource:///org/gnome/shell/ui/status/keyboard.js:691:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
_setContentType@resource:///org/gnome/shell/misc/ibusManager.js:183:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
-- Subject: Unit lift-kernel-lockdown.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has failed.
--
-- The result is RESULT.
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Unregistered Authentication Agent for unix-process:5450:312328 (system bus name :1.439, object path /org/freedesktop/PolicyKit1/AuthenticationAgent,
lines 2683-2736/2736 (END)
I truly have no idea where to go from here or how to solve it, I would truly appreciate the help from someone with knowledge about this.
kernel permissions systemd
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
add a comment |
0
0
0
1
So, I have spent a long time trying to fix a simple systemd service which can lift the kernel lockdown. After a lot of time spent researching and googling I couldn't find an answer to my question.
What I want is a script to run before an existing service called nbfc.service is run. I tried to do this by making a new service which calls this script before nbfc.service is called. My service file looks like this /etc/systemd/system/lift-kernel-lockdown.service:
[Unit]
Description=Disable kernel lockdown feature
Before=nbfc.service
[Service]
ExecStart=/opt/lift_kernel_lockdown.sh
Type=oneshot
[Install]
WantedBy=multi-user.target
The script I wrote looks like this /opt/lift_kernel_lockdown.sh:
#!/bin/bash -ex
DEFAULT_SYSRQ=$(sysctl -n kernel.sysrq)
sysctl -w kernel.sysrq=1
echo x > /proc/sysrq-trigger
sysctl -w kernel.sysrq=${DEFAULT_SYSRQ}
When I run the following command:
systemctl start lift-kernel-lockdown.service
I get the following output:
Job for lift-kernel-lockdown.service failed because the control process exited with error code.
See "systemctl status lift-kernel-lockdown.service" and "journalctl -xe" for details.
After this, I run the command:
systemctl status lift-kernel-lockdown.service
and I get the following output:
lift-kernel-lockdown.service - Disable kernel lockdown feature
Loaded: loaded (/etc/systemd/system/lift-kernel-lockdown.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2019-04-06 23:48:03 CEST; 2min 34s ago
Process: 5459 ExecStart=/opt/lift_kernel_lockdown.sh (code=exited, status=203/EXEC)
Main PID: 5459 (code=exited, status=203/EXEC)
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
When I run the command:
journalctl -xe
I get the output:
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Operator of unix-session:2 successfully authenticated as unix-user:david to gain TEMPORARY authorization for action org.freedesktop.systemd1.manage-u
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
-- Subject: Unit lift-kernel-lockdown.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has begun starting up.
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
-- Subject: Process /opt/lift_kernel_lockdown.sh could not be executed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The process /opt/lift_kernel_lockdown.sh could not be executed and failed.
--
-- The error number returned by this process is 13.
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: Exception in callback for signal: activate: Error: Error invoking IBus.set_global_engine_async: Expected function for callback argument callback, got u
setEngine@resource:///org/gnome/shell/misc/ibusManager.js:207:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
activateInputSource@resource:///org/gnome/shell/ui/status/keyboard.js:490:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
activate@resource:///org/gnome/shell/ui/status/keyboard.js:65:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_inputSourcesChanged@resource:///org/gnome/shell/ui/status/keyboard.js:620:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
reload@resource:///org/gnome/shell/ui/status/keyboard.js:369:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_ibusSetContentType@resource:///org/gnome/shell/ui/status/keyboard.js:691:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
_setContentType@resource:///org/gnome/shell/misc/ibusManager.js:183:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
-- Subject: Unit lift-kernel-lockdown.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has failed.
--
-- The result is RESULT.
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Unregistered Authentication Agent for unix-process:5450:312328 (system bus name :1.439, object path /org/freedesktop/PolicyKit1/AuthenticationAgent,
lines 2683-2736/2736 (END)
I truly have no idea where to go from here or how to solve it, I would truly appreciate the help from someone with knowledge about this.
kernel permissions systemd
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
So, I have spent a long time trying to fix a simple systemd service which can lift the kernel lockdown. After a lot of time spent researching and googling I couldn't find an answer to my question.
What I want is a script to run before an existing service called nbfc.service is run. I tried to do this by making a new service which calls this script before nbfc.service is called. My service file looks like this /etc/systemd/system/lift-kernel-lockdown.service:
[Unit]
Description=Disable kernel lockdown feature
Before=nbfc.service
[Service]
ExecStart=/opt/lift_kernel_lockdown.sh
Type=oneshot
[Install]
WantedBy=multi-user.target
The script I wrote looks like this /opt/lift_kernel_lockdown.sh:
#!/bin/bash -ex
DEFAULT_SYSRQ=$(sysctl -n kernel.sysrq)
sysctl -w kernel.sysrq=1
echo x > /proc/sysrq-trigger
sysctl -w kernel.sysrq=${DEFAULT_SYSRQ}
When I run the following command:
systemctl start lift-kernel-lockdown.service
I get the following output:
Job for lift-kernel-lockdown.service failed because the control process exited with error code.
See "systemctl status lift-kernel-lockdown.service" and "journalctl -xe" for details.
After this, I run the command:
systemctl status lift-kernel-lockdown.service
and I get the following output:
lift-kernel-lockdown.service - Disable kernel lockdown feature
Loaded: loaded (/etc/systemd/system/lift-kernel-lockdown.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2019-04-06 23:48:03 CEST; 2min 34s ago
Process: 5459 ExecStart=/opt/lift_kernel_lockdown.sh (code=exited, status=203/EXEC)
Main PID: 5459 (code=exited, status=203/EXEC)
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
When I run the command:
journalctl -xe
I get the output:
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: TypeError: this._currentWindow is null
_setCurrentRect@resource:///org/gnome/shell/ui/keyboard.js:536:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_init/<@resource:///org/gnome/shell/ui/keyboard.js:503:13
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Operator of unix-session:2 successfully authenticated as unix-user:david to gain TEMPORARY authorization for action org.freedesktop.systemd1.manage-u
apr 06 23:48:03 davetop systemd[1]: Starting Disable kernel lockdown feature...
-- Subject: Unit lift-kernel-lockdown.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has begun starting up.
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed to execute command: Permission denied
apr 06 23:48:03 davetop systemd[5459]: lift-kernel-lockdown.service: Failed at step EXEC spawning /opt/lift_kernel_lockdown.sh: Permission denied
-- Subject: Process /opt/lift_kernel_lockdown.sh could not be executed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The process /opt/lift_kernel_lockdown.sh could not be executed and failed.
--
-- The error number returned by this process is 13.
apr 06 23:48:03 davetop gnome-shell[1495]: JS ERROR: Exception in callback for signal: activate: Error: Error invoking IBus.set_global_engine_async: Expected function for callback argument callback, got u
setEngine@resource:///org/gnome/shell/misc/ibusManager.js:207:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
activateInputSource@resource:///org/gnome/shell/ui/status/keyboard.js:490:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
activate@resource:///org/gnome/shell/ui/status/keyboard.js:65:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_inputSourcesChanged@resource:///org/gnome/shell/ui/status/keyboard.js:620:13
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
reload@resource:///org/gnome/shell/ui/status/keyboard.js:369:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_ibusSetContentType@resource:///org/gnome/shell/ui/status/keyboard.js:691:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
_emit@resource:///org/gnome/gjs/modules/signals.js:128:27
_setContentType@resource:///org/gnome/shell/misc/ibusManager.js:183:9
wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Main process exited, code=exited, status=203/EXEC
apr 06 23:48:03 davetop systemd[1]: lift-kernel-lockdown.service: Failed with result 'exit-code'.
apr 06 23:48:03 davetop systemd[1]: Failed to start Disable kernel lockdown feature.
-- Subject: Unit lift-kernel-lockdown.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit lift-kernel-lockdown.service has failed.
--
-- The result is RESULT.
apr 06 23:48:03 davetop polkitd(authority=local)[876]: Unregistered Authentication Agent for unix-process:5450:312328 (system bus name :1.439, object path /org/freedesktop/PolicyKit1/AuthenticationAgent,
lines 2683-2736/2736 (END)
I truly have no idea where to go from here or how to solve it, I would truly appreciate the help from someone with knowledge about this.
kernel permissions systemd
kernel permissions systemd
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
edited Apr 7 at 0:33
Kevin Bowen
14.9k155971
14.9k155971
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
asked Apr 6 at 21:56
David AlbertssonDavid Albertsson
11
11
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131754%2fsimple-systemd-service-to-lift-kernel-lockdown-permission-denied%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
draft saved
draft discarded
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1131754%2fsimple-systemd-service-to-lift-kernel-lockdown-permission-denied%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
