[Bug 996203] New: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted
http://bugzilla.opensuse.org/show_bug.cgi?id=996203 Bug ID: 996203 Summary: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Apache Assignee: bnc-team-apache@forge.provo.novell.com Reporter: per@computer.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- System: mysogo, 13.2, xen guest. When issuing an apache reload: # systemctl reload apache2 Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xn" for details. # systemctl status apache2 apache2.service - The Apache Webserver Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled) Active: active (running) (Result: exit-code) since Sun 2016-08-07 12:02:18 CEST; 3 weeks 1 days ago Process: 5711 ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful (code=exited, status=226/NAMESPACE) Main PID: 854 (httpd2-prefork) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/apache2.service ├─ 854 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1468 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1472 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1474 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1487 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 3398 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 3400 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─10336 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─32256 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─32280 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start └─32478 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start Aug 30 11:12:31 mysogo systemd[1]: Reloading The Apache Webserver. Aug 30 11:12:31 mysogo systemd[5711]: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted Aug 30 11:12:31 mysogo systemd[1]: apache2.service: control process exited, code=exited status=226 Aug 30 11:12:31 mysogo systemd[1]: Reload failed for The Apache Webserver. Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. A similar issue is mentioned here: https://help.directadmin.com/item.php?id=614 but on my system, both /tmp and /var/tmp are directories, not symlinks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203 http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c8 --- Comment #8 from Per Jessen <per@computer.org> --- (In reply to Petr Gajdos from comment #6)
(In reply to Dr. Werner Fink from comment #5)
or similar therefore I's like to suggest something like
PrivateTmp=false NoNewPrivileges=yes
Per, could you please test this setting? I know that you said it can not be reproduced reliably, but I am afraid we do not have any other possibility than narrow the problem.
Hi Petr I have just used those settings on a different apache (openSUSE 12.3), didn't see any problems. I'll update with the status from the xen guest with 13.2. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203 http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c9 Per Jessen <per@computer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(per@computer.org) | --- Comment #9 from Per Jessen <per@computer.org> --- (In reply to Petr Gajdos from comment #7)
------------------------------------------------------------------- Thu Jun 25 03:52:01 UTC 2015 - crrodriguez@opensuse.org
- apache2.service: We have to use KillMode=mixed for the graceful stop, restart to work properly.
This is not part of 13.2/apache2. Maybe that would help?
Have just tried that on "mysogo" (13.2) - did a reload, saw no problems. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203 http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c11 --- Comment #11 from Per Jessen <per@computer.org> --- Have just tried reloading apache on mysogo - SSL certificate renewal: Nov 04 08:28:28 mysogo systemd[1]: Reloading The Apache Webserver. Nov 04 08:28:28 mysogo systemd[26320]: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted Nov 04 08:28:28 mysogo systemd[1]: apache2.service: control process exited, code=exited status=226 Nov 04 08:28:28 mysogo systemd[1]: Reload failed for The Apache Webserver. Nov 04 08:28:36 mysogo systemd[1]: Reloading The Apache Webserver. Nov 04 08:28:36 mysogo systemd[26325]: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted Nov 04 08:28:36 mysogo systemd[1]: apache2.service: control process exited, code=exited status=226 Nov 04 08:28:36 mysogo systemd[1]: Reload failed for The Apache Webserver. # systemctl cat apache2 # /usr/lib/systemd/system/apache2.service [Unit] Description=The Apache Webserver Wants=network.target nss-lookup.target After=network.target nss-lookup.target Before=getty@tty1.service plymouth-quit.service xdm.service [Service] Type=notify PrivateTmp=true EnvironmentFile=/etc/sysconfig/apache2 ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k start ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful-stop [Install] WantedBy=multi-user.target Alias=httpd.service # /etc/systemd/system/apache2.service.d/extra.conf [Service] KillMode=mixed -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203 http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c15 --- Comment #15 from Per Jessen <per@computer.org> --- (In reply to Petr Gajdos from comment #14)
Okay. In your *.service there is (the SUSE default):
(In reply to Per Jessen from comment #11)
PrivateTmp=true
Then I would try Werner's suggestion to not use private tmp:
(In reply to Dr. Werner Fink from comment #5)
PrivateTmp=false NoNewPrivileges=yes
I thought I had tried it, but it doesn't look like it. I have added those two config directives. # /etc/systemd/system/apache2.service.d/extra.conf [Service] KillMode=mixed PrivateTmp=false NoNewPrivileges=yes Then I restarted, tried a reload, worked fine. The certificates are due to be renewed in a couple of weeks, it can't possibly be related, but that's when I've usuallly seen the issue.
if that is feasible for you (also suggested in https://help.directadmin.com/item.php?id=614). I am afraid I have no other clue. Maybe just except to try systemd debug mode but I won't be much of help here.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203 http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c19 Archie Cobbs <archie.cobbs@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |archie.cobbs@gmail.com --- Comment #19 from Archie Cobbs <archie.cobbs@gmail.com> --- FWIW, I just saw a similar problem. Totally out of the blue. I have an RPM that includes the SSL certificate. To update the SSL certificate I build and install a new version of the RPM. The RPM contains this script: %post # Reload apache if systemctl -q is-active apache2.service; then systemctl reload-or-try-restart apache2.service fi This has worked normally for years on 10+ different machines. Suddenly today instead I got this error: apache2.service: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: No such file or directory Here is the relevant journalctl output: Nov 22 12:42:19 prod systemd[1]: Stopping The Apache Webserver... Nov 22 12:42:19 prod systemd[2793]: apache2.service: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: No such file or directory Nov 22 12:42:19 prod systemd[1]: apache2.service: Control process exited, code=exited status=226 Nov 22 12:42:19 prod systemd[1]: Stopped The Apache Webserver. Nov 22 12:42:19 prod systemd[1]: apache2.service: Unit entered failed state. Nov 22 12:42:19 prod systemd[1]: apache2.service: Failed with result 'exit-code'. Nov 22 12:42:19 prod systemd[1]: Starting The Apache Webserver... Nov 22 12:42:19 prod systemd[1]: Started The Apache Webserver. I then logged in and did "systemctl restart apache2" and everything was fine. Running "rpm -V apache2" showed nothing amiss. This smells to me like some kind of systemd internal race condition bug. Let me know if I can provide more info. Versions: openSUSE Leap 15.0 apache2-2.4.33-lp150.2.23.1.x86_64 systemd-234-lp150.20.15.1.x86_64 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com