[Bug 996203] New: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted
http://bugzilla.opensuse.org/show_bug.cgi?id=996203 Bug ID: 996203 Summary: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Apache Assignee: bnc-team-apache@forge.provo.novell.com Reporter: per@computer.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- System: mysogo, 13.2, xen guest. When issuing an apache reload: # systemctl reload apache2 Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xn" for details. # systemctl status apache2 apache2.service - The Apache Webserver Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled) Active: active (running) (Result: exit-code) since Sun 2016-08-07 12:02:18 CEST; 3 weeks 1 days ago Process: 5711 ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful (code=exited, status=226/NAMESPACE) Main PID: 854 (httpd2-prefork) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/apache2.service ├─ 854 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1468 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1472 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1474 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 1487 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 3398 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─ 3400 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─10336 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─32256 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start ├─32280 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start └─32478 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -DFOREGROUND -k start Aug 30 11:12:31 mysogo systemd[1]: Reloading The Apache Webserver. Aug 30 11:12:31 mysogo systemd[5711]: Failed at step NAMESPACE spawning /usr/sbin/start_apache2: Operation not permitted Aug 30 11:12:31 mysogo systemd[1]: apache2.service: control process exited, code=exited status=226 Aug 30 11:12:31 mysogo systemd[1]: Reload failed for The Apache Webserver. Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. A similar issue is mentioned here: https://help.directadmin.com/item.php?id=614 but on my system, both /tmp and /var/tmp are directories, not symlinks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203
http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c8
--- Comment #8 from Per Jessen
(In reply to Dr. Werner Fink from comment #5)
or similar therefore I's like to suggest something like
PrivateTmp=false NoNewPrivileges=yes
Per, could you please test this setting? I know that you said it can not be reproduced reliably, but I am afraid we do not have any other possibility than narrow the problem.
Hi Petr I have just used those settings on a different apache (openSUSE 12.3), didn't see any problems. I'll update with the status from the xen guest with 13.2. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203
http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c9
Per Jessen
------------------------------------------------------------------- Thu Jun 25 03:52:01 UTC 2015 - crrodriguez@opensuse.org
- apache2.service: We have to use KillMode=mixed for the graceful stop, restart to work properly.
This is not part of 13.2/apache2. Maybe that would help?
Have just tried that on "mysogo" (13.2) - did a reload, saw no problems. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203
http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c11
--- Comment #11 from Per Jessen
http://bugzilla.opensuse.org/show_bug.cgi?id=996203
http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c15
--- Comment #15 from Per Jessen
Okay. In your *.service there is (the SUSE default):
(In reply to Per Jessen from comment #11)
PrivateTmp=true
Then I would try Werner's suggestion to not use private tmp:
(In reply to Dr. Werner Fink from comment #5)
PrivateTmp=false NoNewPrivileges=yes
I thought I had tried it, but it doesn't look like it. I have added those two config directives. # /etc/systemd/system/apache2.service.d/extra.conf [Service] KillMode=mixed PrivateTmp=false NoNewPrivileges=yes Then I restarted, tried a reload, worked fine. The certificates are due to be renewed in a couple of weeks, it can't possibly be related, but that's when I've usuallly seen the issue.
if that is feasible for you (also suggested in https://help.directadmin.com/item.php?id=614). I am afraid I have no other clue. Maybe just except to try systemd debug mode but I won't be much of help here.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=996203
http://bugzilla.opensuse.org/show_bug.cgi?id=996203#c19
Archie Cobbs
participants (1)
-
bugzilla_noreply@novell.com