[Fedora 34 beta] suspend-then-hibernate fails with Error creating timerfd: Operation not permitted

doni78390 · March 29, 2021, 9:32am

Hello Fedora users/gurus,

I am trying the new Fedora 34 on my laptop, almost works as expected but this :

× systemd-suspend-then-hibernate.service - Suspend; Hibernate if not used for a period of time
     Loaded: loaded (/usr/lib/systemd/system/systemd-suspend-then-hibernate.service; static)
     Active: failed (Result: exit-code) since Mon 2021-03-29 10:30:48 CEST; 58min ago
       Docs: man:systemd-suspend.service(8)
    Process: 3285 ExecStart=/usr/lib/systemd/systemd-sleep suspend-then-hibernate (code=exited, status=1/FAILURE)
   Main PID: 3285 (code=exited, status=1/FAILURE)
        CPU: 8ms

Mar 29 10:30:48 fedora systemd[1]: Starting Suspend; Hibernate if not used for a period of time...
Mar 29 10:30:48 fedora systemd-sleep[3285]: Error creating timerfd: Operation not permitted
Mar 29 10:30:48 fedora systemd[1]: systemd-suspend-then-hibernate.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 10:30:48 fedora systemd[1]: systemd-suspend-then-hibernate.service: Failed with result 'exit-code'.
Mar 29 10:30:48 fedora systemd[1]: Failed to start Suspend; Hibernate if not used for a period of time.

The suspend and hibernate are working (well, I still have to check why after hibernating system is not correctly resumed from my swap partition) so the issue seems to be with this timerfd.
system-sleep is a binary program, I’m unable to see what action on timerfd is called, anyone have a clue ?

Thank you in advance,

ilikelinux · March 29, 2021, 1:20pm

Tree - fedora-workstation - Pagure.io >> Status of hybernation

Please read to understand why you might have trouble.

doni78390 · March 29, 2021, 4:59pm

Hi and thank you for you link.

I was using this laptop with Fedora 33 and everything was fine, hibernating, suspending and of course suspend-then-hibernate. After updating to Fedora 34 I had this issue with the timerfd.

I tried to install from scratch (formatted my previous root and home fs), the issue is still here.
Again, suspending and hibernating works, it is only the suspend-and-hibernate which fails due to the “timerfd: Operation not permitted” error.

For me, the system-sleep is trying to set a timer for the HibernateDelaySec value found in /etc/systemd/sleep.conf and for an unknown reason it fails.

code_fedora · April 6, 2021, 6:23pm

Looks like the SELinux policy for systemd-sleep is too restrictive.

$ sudo grep 'wake_alarm.*systemd-sleep' /var/log/audit/audit.log
type=AVC msg=audit(1617712931.069:1172): avc:  denied  { wake_alarm } for  pid=72095 comm="systemd-sleep" capability=35  scontext=system_u:system_r:systemd_sleep_t:s0 tcontext=system_u:system_r:systemd_sleep_t:s0 tclass=capability2 permissive=0

Temporary workaround via custom SELinux module.

sudo grep 'wake_alarm.*systemd-sleep' /var/log/audit/audit.log | audit2allow -M systemd_sleep_wake_alarm
sudo semodule --install=systemd_sleep_wake_alarm.pp

code_fedora · April 6, 2021, 2:29pm

PR to fix this allow systemd-sleep to set timer for suspend-then-hibernate by MartinNowak · Pull Request #680 · fedora-selinux/selinux-policy · GitHub

doni78390 · April 6, 2021, 6:24pm

Thank you, it is working as expected after patching !