I ran CentOS 7 as an LXC container on Proxmox 4 beta2.
I ran into a problem where httpd, postfix, mariadb and others fail to start.
Symptom
httpd fails to start
# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: failed (Result: exit-code) since Sun 2015-09-13 09:26:53 JST; 15min ago
Process: 520 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=226/NAMESPACE)
Process: 480 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=226/NAMESPACE)
Main PID: 480 (code=exited, status=226/NAMESPACE)
CGroup: /lxc/361/system.slice/httpd.service
Sep 13 09:26:53 wwwc7 systemd[480]: Failed at step NAMESPACE spawning /usr/sbin/httpd: Permission denied
Sep 13 09:26:53 wwwc7 systemd[1]: httpd.service: main process exited, code=exited, status=226/NAMESPACE
Sep 13 09:26:53 wwwc7 systemd[520]: Failed at step NAMESPACE spawning /bin/kill: Permission denied
Sep 13 09:26:53 wwwc7 systemd[1]: httpd.service: control process exited, code=exited status=226
Sep 13 09:26:53 wwwc7 systemd[1]: Failed to start The Apache HTTP Server.
Sep 13 09:26:53 wwwc7 systemd[1]: Unit httpd.service entered failed state.
It starts if systemd is not used
# ps -ef | grep http
# /usr/sbin/httpd
# ps -ef | grep http
root 1800 1 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1801 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1802 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1803 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1804 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
apache 1805 1800 0 09:42 ? 00:00:00 /usr/sbin/httpd
Fix
- /usr/lib/systemd/system/httpd.service
- /usr/lib/systemd/system/mariadb.service
- /usr/lib/systemd/system/pdns-recursor.service
- /usr/lib/systemd/system/dovecot.service
[Service]
- PrivateTmp=true
+ PrivateTmp=false
+ NoNewPrivileges=yes
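Review bot: the files being edited are the packaged units under /usr/lib/systemd/system, which package updates overwrite, so PrivateTmp=true will come back and the services will fail again; put these [Service] lines in a drop-in such as /etc/systemd/system/httpd.service.d/override.conf instead. PrivateTmp=false also means httpd, mariadb, pdns-recursor and dovecot now share the container's /tmp and /var/tmp, which is worth stating next to the change.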
Reload the configuration
systemctl daemon-reload
Start the services
systemctl restart httpd
systemctl restart mariadb
Fix 2
- /usr/lib/systemd/system/postfix.service
postfix
[Service]
+ NoNewPrivileges=yes
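Review bot: for postfix the only added line is NoNewPrivileges=yes, with no PrivateTmp change, and the post does not show the postfix error, so this hunk does not say which failure the line addresses; record the systemctl status output for postfix beside it. As with the first fix, the line belongs in a drop-in under /etc/systemd/system/postfix.service.d/ rather than in /usr/lib/systemd/system/postfix.service.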
systemctl restart postfix
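PrivateTmp=true makes systemd set up a private mount namespace for the service, and the "Failed at step NAMESPACE" lines above are that setup being refused inside the container. The following is an added example, not part of the original post, that lists which unit files in a directory still request such a namespace. The function name scan_units and the list of directives beyond PrivateTmp are assumptions of this example.

```shell
#!/bin/sh
# Added example: list unit files whose [Service] section asks systemd for a
# private mount namespace, the step that fails with status=226/NAMESPACE.

# Directives assumed here to go through systemd's mount-namespace setup.
# Only PrivateTmp appears in the post; the rest generalize the check.
NS_KEYS='PrivateTmp PrivateDevices ProtectSystem ProtectHome ReadOnlyDirectories InaccessibleDirectories'

# scan_units DIR
# Prints "unit-file<TAB>Directive=value" for every directive that is still
# switched on, e.g.: scan_units /usr/lib/systemd/system
scan_units() {
    dir=$1
    for f in "$dir"/*.service; do
        [ -f "$f" ] || continue
        awk -v keys="$NS_KEYS" -v unit="$(basename "$f")" '
            BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
            # track which section we are in; only [Service] matters
            /^\[/ { in_service = ($0 == "[Service]"); next }
            in_service && /^[A-Za-z]+=/ {
                key = $0; sub(/=.*/, "", key)
                val = $0; sub(/^[^=]*=/, "", val)
                if (!(key in want)) next
                v = tolower(val)
                # an empty or boolean-false value switches the directive off;
                # a later assignment overrides an earlier one
                if (v == "" || v == "false" || v == "no" || v == "0" || v == "off") {
                    delete hit[key]; next
                }
                hit[key] = val
            }
            END { for (key in hit) printf "%s\t%s=%s\n", unit, key, hit[key] }
        ' "$f"
    done | sort
}
```

The function reads only the files in the directory it is given, so settings from drop-ins under /etc/systemd/system/*.service.d/ are not taken into account.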