Apache2 fails to start after upgrade to SLES 12 SP3 when using chroot
This document (7022287) is provided subject to the disclaimer at the end of this document.
Environment
Upgrade to SUSE Linux Enterprise Server 12 SP3 (or later)
Running apache2 web server with chroot enabled in mod_security2.
Running apache2 web server with chroot enabled in mod_security2.
Situation
SUSE Linux Enterprise Server 12 SP2 had apache2 web services configured and running correctly.
Module mod_security2 loaded and /etc/apache2/conf.d/mod_security2.conf has the following entry:
SecChrootDir /webroot
After upgrading the server to 12 SP3 the server would fail after about 1 minute with the following error:
apache2.service: Failed with result 'timeout'
Error log reported:
[Tue Oct 03 11:36:11.138639 2017] [:error] [pid 52144] AH00000: sd_notifyf returned an error -2
[Tue Oct 03 11:36:20.493692 2017] [mpm_prefork:notice] [pid 52144] AH00169: caught SIGTERM, shutting down
Module mod_security2 loaded and /etc/apache2/conf.d/mod_security2.conf has the following entry:
SecChrootDir /webroot
After upgrading the server to 12 SP3 the server would fail after about 1 minute with the following error:
apache2.service: Failed with result 'timeout'
Error log reported:
[Tue Oct 03 11:36:11.138639 2017] [:error] [pid 52144] AH00000: sd_notifyf returned an error -2
[Tue Oct 03 11:36:20.493692 2017] [mpm_prefork:notice] [pid 52144] AH00169: caught SIGTERM, shutting down
Resolution
To correct the problem do the following as the root user. Be sure to replace "webroot" with the correct chroot directory location:
systemctl stop apache2.service
mkdir -p /webroot/run/systemd
touch /webroot/run/systemd/notify
mount -o bind /run/systemd/notify /webroot/run/systemd/notify
systemctl start apache2.service
Test to verify that the apache2 server started correctly and has no failures. If it is working well then do the following to make the setup permanent:
As root edit /etc/fstab
Add the following entry to the bottom of the list:
/run/systemd/notify /webroot/run/systemd/notify tmpfs bind 0 0
Save the file. The system can be rebooted, the mount will happen automatically, and apache2 should startup without a failure.
systemctl stop apache2.service
mkdir -p /webroot/run/systemd
touch /webroot/run/systemd/notify
mount -o bind /run/systemd/notify /webroot/run/systemd/notify
systemctl start apache2.service
Test to verify that the apache2 server started correctly and has no failures. If it is working well then do the following to make the setup permanent:
As root edit /etc/fstab
Add the following entry to the bottom of the list:
/run/systemd/notify /webroot/run/systemd/notify tmpfs bind 0 0
Save the file. The system can be rebooted, the mount will happen automatically, and apache2 should startup without a failure.
Cause
When the service is started through systemd it writes a PID file to /var/run. The older version of apache2 (version 2.4.16-19.1) setup the chroot after the PID file was written to the expected location and systemd worked as expected.
With the new version of apache (version 2.4.23-29.6.1) the PID file gets created in the chroot directory structure. Then systemd is unable to locate the PID file in /var/run and kills the apache2 service.
With the new version of apache (version 2.4.23-29.6.1) the PID file gets created in the chroot directory structure. Then systemd is unable to locate the PID file in /var/run and kills the apache2 service.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7022287
- Creation Date: 07-Nov-2017
- Modified Date:03-Mar-2020
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
