[php-maint] Bug#869182: php-common: Trouble running phpsessionclean.service on a LXC Container...

Marco Gaiarin gaio at sv.lnf.it
Fri Jul 21 09:56:12 UTC 2017 

Package: php-common
Version: 1:49
Severity: normal


I've setup a LXC stretch container in a Proxmox virtualization cluster, and
after installing apache/PHP i've start to have in logs of the container rows
like:

 Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Failed to reset devices.list: Operation not permitted
 Jul 21 10:09:14 vglpi systemd[24929]: phpsessionclean.service: Failed at step NETWORK spawning /usr/lib/php/sessionclean: Permission denied
 Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Main process exited, code=exited, status=225/NETWORK
 Jul 21 10:09:14 vglpi systemd[1]: Failed to start Clean php session files.
 Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Unit entered failed state.
 Jul 21 10:09:14 vglpi systemd[1]: phpsessionclean.service: Failed with result 'exit-code'.
 Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Failed to reset devices.list: Operation not permitted
 Jul 21 10:39:14 vglpi systemd[24948]: phpsessionclean.service: Failed at step NETWORK spawning /usr/lib/php/sessionclean: Permission denied
 Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Main process exited, code=exited, status=225/NETWORK
 Jul 21 10:39:14 vglpi systemd[1]: Failed to start Clean php session files.
 Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Unit entered failed state.
 Jul 21 10:39:14 vglpi systemd[1]: phpsessionclean.service: Failed with result 'exit-code'.

and, on the same time, on the host that run the container:

 Jul 21 10:09:14 tessier kernel: [22515856.189072] audit: type=1400 audit(1500624554.627:384): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
 Jul 21 10:09:14 tessier kernel: [22515856.189077] audit: type=1400 audit(1500624554.627:385): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
 Jul 21 10:09:14 tessier kernel: [22515856.189082] audit: type=1400 audit(1500624554.627:386): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
 Jul 21 10:09:14 tessier kernel: [22515856.189085] audit: type=1400 audit(1500624554.627:387): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=20780 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
 Jul 21 10:39:14 tessier kernel: [22517656.161803] audit: type=1400 audit(1500626354.625:388): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
 Jul 21 10:39:14 tessier kernel: [22517656.161808] audit: type=1400 audit(1500626354.625:389): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
 Jul 21 10:39:14 tessier kernel: [22517656.161812] audit: type=1400 audit(1500626354.625:390): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
 Jul 21 10:39:14 tessier kernel: [22517656.161815] audit: type=1400 audit(1500626354.625:391): apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=23425 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none

I've tried to run the script by hand, as root, and no error appears
(on container and on host).

For now, i've disabled the service:

	root at vglpi:~# systemctl disable phpsessionclean


Thanks.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.21-1-pve (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages php-common depends on:
ii  init-system-helpers  1.48
ii  psmisc               22.21-2.1+b2
ii  sed                  4.4-1

php-common recommends no packages.

php-common suggests no packages.

-- no debconf information

More information about the pkg-php-maint mailing list