systemd[12345]: Failed at step NAMESPACE spawning /usr/sbin/httpd: Permission denied


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Apache Related Information

systemd[12345]: Failed at step NAMESPACE spawning /usr/sbin/httpd: Permission deniedLast Modified: Jan 29, 2016, 12:14 am
A few reports of issues on Debian 8 boxes with the following error preventing httpd from starting up:

root@server:/usr/local/directadmin/custombuild# systemctl start httpd
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
root@server:/usr/local/directadmin/custombuild# systemctl status httpd.service
httpd.service - The Apache HTTP Server
  Loaded: loaded (/etc/systemd/system/httpd.service; enabled)
  Active: failed (Result: exit-code) since Tue 2016-01-26 12:16:17 MSK; 10s ago
 Process: 14703 ExecStart=/usr/sbin/httpd $OPTIONS -k start (code=exited, status=226/NAMESPACE)

Jan 26 12:16:17 server.domain.com systemd[14703]: Failed at step NAMESPACE spawning /usr/sbin/httpd: Permission denied
Jan 26 12:16:17 server.domain.com systemd[1]: httpd.service: control process exited, code=exited status=226
Jan 26 12:16:17 server.domain.com systemd[1]: Failed to kill control group: Invalid argument
Jan 26 12:16:17 server.domain.com systemd[1]: Failed to kill control group: Invalid argument
Jan 26 12:16:17 server.domain.com systemd[1]: Failed to start The Apache HTTP Server.
Jan 26 12:16:17 server.domain.com systemd[1]: Unit httpd.service entered failed state.

Where the likely cause is a symbolic link

/tmp -> /var/tmp
or
/var/tmp -> /tmp

Neither /tmp nor /var/tmp should be symbolic links.
The simple solution is to simply delete the given link and create a 2nd folder instead
Eg: if you had /var/tmp -> /tmp, then type:

rm -f /var/tmp
mkdir /var/tmp
chmod 1777 /var/tmp





From a systemd perspective, a less desirable workaround is to edit:

/etc/systemd/system/httpd.service

and replace this line:

PrivateTmp=true

with these two lines:

PrivateTmp=false
NoNewPrivileges=yes

and then reload the systemctl deamon:

systemctl daemon-reload

and then httpd should be able to start up:

root@server:/etc/systemd/system# systemctl start httpd
root@server:/etc/systemd/system# systemctl status httpd.service
httpd.service - The Apache HTTP Server
  Loaded: loaded (/etc/systemd/system/httpd.service; enabled)
  Active: active (running) since Tue 2016-01-26 12:19:04 MSK; 11s ago
 Process: 17276 ExecStart=/usr/sbin/httpd $OPTIONS -k start (code=exited, status=0/SUCCESS)
Main PID: 17284 (httpd)
  CGroup: /lxc/101/system.slice/httpd.service

Jan 26 12:19:04 server.domain.com systemd[1]: Started The Apache HTTP Server.
Jan 26 12:19:14 server.domain.com systemd[1]: Started The Apache HTTP Server.



We'll continue to monitor for other reports and will consider changing the default boot script if it's a common problem.



One other find was that "localhost" couldn't be used, even though "127.0.0.1 localhost" was set in the /etc/hosts.
Changing the host value in various places to 127.0.0.1 seemed to work...  although this might be an unrelated reverse dns issue (not yet sure)

2003 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST