Issue with CentOS7 httpd spawing: Permission denied (PVE4 beta 2)

tukiyo3

Well-Known Member
Sep 13, 2015
30
1
48
~~~
# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: failed (Result: exit-code) since Sun 2015-09-13 09:26:53 JST; 15min ago
Process: 520 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=226/NAMESPACE)
Process: 480 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=226/NAMESPACE)
Main PID: 480 (code=exited, status=226/NAMESPACE)
CGroup: /lxc/361/system.slice/httpd.service

Sep 13 09:26:53 wwwc7 systemd[480]: Failed at step NAMESPACE spawning /usr/sbin/httpd: Permission denied
Sep 13 09:26:53 wwwc7 systemd[1]: httpd.service: main process exited, code=exited, status=226/NAMESPACE
Sep 13 09:26:53 wwwc7 systemd[520]: Failed at step NAMESPACE spawning /bin/kill: Permission denied
Sep 13 09:26:53 wwwc7 systemd[1]: httpd.service: control process exited, code=exited status=226
Sep 13 09:26:53 wwwc7 systemd[1]: Failed to start The Apache HTTP Server.
Sep 13 09:26:53 wwwc7 systemd[1]: Unit httpd.service entered failed state.
~~~

~~~
# ps -ef | grep http
# /usr/sbin/httpd
# ps -ef | grep http
root 1800 1 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1801 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1802 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1803 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1804 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1805 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
~~~

postfix, mariadb, nfsd have same probrems.
 
/etc/systemd/system/multi-user.target.wants/httpd.service

- PrivateTmp=true
+ PrivateTmp=false
+ NoNewPrivileges=yes

systemctl daemon-reload, and
systemctl restart httpd is GREEN.

and mariadb, postfix are fixed same patch.

thanks, solved.
 
Last edited:
Editing a permanent file on a permanent storage medium (i.e. hard-drive) is not permanent enough for you?

hahaha sorry my english, but i try to say a "base solution" (i dont know if is a correct word), not a simple fix. the "visible" problem is fixed with that, but is not the base problem. the "real" problem is the service can't use a private tmp folder (i dont know how centos create or mount this folder).
 
Actually the same happens on debian, too. So it is a distribution/app problem. You can write to the creators or you can have your own custom templates with this fix in place.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!