Bug#867135: ejabberd install fails with NO_NEW_PRIVILEGES exit code
not sure if relevant, but this initially happened during an upgrade from jessie to stretch. i figured the line "PrivateDevices=\n" maybe cleared whatever value the variable held before. maybe that used to be the case? you're welcome for the bugreport! i hope it's an actual bug and therefore useful to have this here, and not just something specific to my system, turning this into personal tech support and wasting other people's space and time. (free tech support, woo!) thanks!
Bug#867137: mariadb-server-10.1: mariadb install fails with NO_NEW_PRIVILEGES
steps that allowed me to successfully install mariadb-server - put the following contents into the mariadb service unit file #+BEGIN_SRC [Service] PrivateDevices=false NoNewPrivileges=false #+END_SRC - install mariadb-server example: ozzloy:~/ $ sudo systemctl edit mariadb.service ozzloy:~/ $ cat /etc/systemd/system/mariadb.service.d/override.conf [Service] PrivateDevices=false NoNewPrivileges=false ozzloy:~/ $ sudo apt-get install -y mariadb-server * summary of actions - attempted mariadb-server install fails without override.conf - uninstall mariadb-server-10.1 - add mariadb systemd configuration - clean install mariadb-server with override.conf in place ahead of time * full output of terminal, broken into sections ## ## ** attempted mariadb-server install fails without override.conf ozzloy:~/ $ sudo rm /etc/systemd/system/mariadb.service.d/override.conf ozzloy:~/ $ sudo apt-get install -y mariadb-server [16:11:46] Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: galera-3 mariadb-server-10.1 mariadb-server-core-10.1 socat Suggested packages: mariadb-test netcat-openbsd tinyca The following NEW packages will be installed: galera-3 mariadb-server mariadb-server-10.1 mariadb-server-core-10.1 socat 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/11.8 MB of archives. After this operation, 109 MB of additional disk space will be used. Preconfiguring packages ... Selecting previously unselected package galera-3. (Reading database ... 228172 files and directories currently installed.) Preparing to unpack .../galera-3_25.3.19-2_amd64.deb ... Unpacking galera-3 (25.3.19-2) ... Selecting previously unselected package mariadb-server-core-10.1. Preparing to unpack .../mariadb-server-core-10.1_10.1.23-9+deb9u1_amd64.deb ... Unpacking mariadb-server-core-10.1 (10.1.23-9+deb9u1) ... Selecting previously unselected package socat. Preparing to unpack .../socat_1.7.3.1-2+b1_amd64.deb ... Unpacking socat (1.7.3.1-2+b1) ... Selecting previously unselected package mariadb-server-10.1. Preparing to unpack .../mariadb-server-10.1_10.1.23-9+deb9u1_amd64.deb ... /var/lib/mysql: found previous version 10.1 Unpacking mariadb-server-10.1 (10.1.23-9+deb9u1) ... Selecting previously unselected package mariadb-server. Preparing to unpack .../mariadb-server_10.1.23-9+deb9u1_all.deb ... Unpacking mariadb-server (10.1.23-9+deb9u1) ... Setting up mariadb-server-core-10.1 (10.1.23-9+deb9u1) ... Setting up socat (1.7.3.1-2+b1) ... Setting up galera-3 (25.3.19-2) ... Processing triggers for systemd (232-25) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up mariadb-server-10.1 (10.1.23-9+deb9u1) ... Job for mariadb.service failed because the control process exited with error code. See "systemctl status mariadb.service" and "journalctl -xe" for details. invoke-rc.d: initscript mysql, action "start" failed. ● mariadb.service - MariaDB database server Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2017-07-05 16:12:24 PDT; 15ms ago Process: 22411 ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=227/NO_NEW_PRIVILEGES) Process: 22319 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1 (code=exited, status=0/SUCCESS) Process: 22315 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS) Process: 22312 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS) Main PID: 22411 (code=exited, status=227/NO_NEW_PRIVILEGES) Jul 05 16:12:24 ozzloy.lifeafterking.org systemd[1]: Starting MariaDB databas….. Jul 05 16:12:24 ozzloy.lifeafterking.org systemd[22411]: mariadb.service: Fai…nt Jul 05 16:12:24 ozzloy.lifeafterking.org systemd[1]: mariadb.service: Main pr…ES Jul 05 16:12:24 ozzloy.lifeafterking.org systemd[1]: Failed to start MariaDB …r. Jul 05 16:12:24 ozzloy.lifeafterking.org systemd[1]: mariadb.service: Unit en…e. Jul 05 16:12:24 ozzloy.lifeafterking.org systemd[1]: mariadb.service: Failed …'. Hint: Some lines were ellipsized, use -l to show in full. dpkg: error processing package mariadb-server-10.1 (--configure): subprocess installed post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of mariadb-server: mariadb-server depends on mariadb-server-10.1 (>= 10.1.23-9+deb9u1); however: Package mariadb-server-10.1 is not configured yet. dpkg: error processing package mariadb-server (--configure): dependency problems - leaving
Bug#867135: ejabberd install fails with NO_NEW_PRIVILEGES exit code
hi, i do have erlang-p1-pam installed, and i do still have the default config in /etc/ejabberd/ejabberd.yml i'm not sure how i'm supposed to edit the file during the apt-get install process. maybe that's not what's being suggested. thanks for the link! i finally got ejabberd to cleanly install. the process wasn't quite as described in the readme though. * super short summary to get a clean install of ejabberd, the file /etc/systemd/system/ejabberd.service.d/override.conf should have the contents: [Service] PrivateDevices=false NoNewPrivileges=false _before_ issuing 'apt-get install ejabberd'. i think either the install process should just do it automatically, or it should not try to start ejabberd and instead tell the user that they need to modify that file and how to start ejabberd once they have. that's what i think, but i wouldn't be surprised if i was wrong. short aside: http://git.deb.at/w/pkg/ejabberd.git/blob/refs/heads/stretch:/debian/README.Debian#l154 "PrivateDevices=\n" is, afaik, wrong and should be deleted. same for line 156, "NoNewPrivileges=\n" * summary of actions shown below - uninstall ejabberd, remove config files in /etc/systemd/system - attempt install ejabberd with no config files, it fails - show systemctl and journalctl after failed install - systemctl edit ejabberd.service as suggested by http://git.deb.at/w/pkg/ejabberd.git/blob/refs/heads/stretch:/debian/README.Debian#l153 - systemctl daemon-reload as suggested by README.Debian - systemctl status after daemon-reload shows ejabberd process active - lines 2 and 4 are broken, output has complaint about not being able to parse boolean http://git.deb.at/w/pkg/ejabberd.git/blob/refs/heads/stretch:/debian/README.Debian#l154 and http://git.deb.at/w/pkg/ejabberd.git/blob/refs/heads/stretch:/debian/README.Debian#l156 - journalctl complains about non-parsed booleans too - remove ejabberd again and leave systemd config - reinstall ejabberd with /etc/systemd/system/ejabberd.service.d/override.conf in place before starting apt-get install * long version of actions, along with output ozzloy% #### ozzloy% #### ozzloy% # uninstall ejabberd, remove config files in /etc/systemd/system ozzloy% sudo apt-get --autoremove remove -y ejabberd [sudo] password for ozzloy: Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: ejabberd erlang-odbc 0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded. After this operation, 6,648 kB disk space will be freed. (Reading database ... 228172 files and directories currently installed.) Removing ejabberd (16.09-4) ... The ejabberd database has been backed up to /var/backups/ejabberd-2017-07-04T14:52:54.uj8Nma/ejabberd-database. Removing erlang-odbc (1:19.2.1+dfsg-2) ... Processing triggers for man-db (2.7.6.1-2) ... ozzloy% ozzloy% ozzloy% ls -l /etc/systemd/system/ejabberd.service lrwxrwxrwx 1 root root 9 Jul 4 14:53 /etc/systemd/system/ejabberd.service -> /dev/null ozzloy% ozzloy% ozzloy% sudo rm -rf /etc/systemd/system/ejabberd.service{,.d} ozzloy% ozzloy% ozzloy% #### ozzloy% # attempt install ejabberd with no config files, it fails ozzloy% sudo apt-get install -y ejabberd Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: erlang-odbc Suggested packages: apparmor apparmor-utils libunix-syslog-perl yamllint ejabberd-contrib erlang-luerl erlang-p1-oauth2 erlang-p1-sqlite3 erlang-redis-client erlang erlang-manpages erlang-doc The following NEW packages will be installed: ejabberd erlang-odbc 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/3,896 kB of archives. After this operation, 6,648 kB of additional disk space will be used. Preconfiguring packages ... Selecting previously unselected package erlang-odbc. (Reading database ... 227821 files and directories currently installed.) Preparing to unpack .../erlang-odbc_1%3a19.2.1+dfsg-2_amd64.deb ... Unpacking erlang-odbc (1:19.2.1+dfsg-2) ... Selecting previously unselected package ejabberd. Preparing to unpack .../ejabberd_16.09-4_amd64.deb ... Unpacking ejabberd (16.09-4) ... Processing triggers for systemd (232-25) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up erlang-odbc (1:19.2.1+dfsg-2) ... Setting up ejabberd (16.09-4) ... Job for ejabberd.service failed because the control process exited with error code. See "systemctl status ejabberd.service" and "journalctl -xe" for details. invoke-rc.d: initscript ejabberd, action "restart&quo
Bug#867137: mariadb-server-10.1: mariadb install fails with NO_NEW_PRIVILEGES
Package: mariadb-server-10.1 Version: 10.1.23-9+deb9u1 Severity: important Dear Maintainer, * What led up to the situation? sudo apt-get install -y mariadb-server * What exactly did you do (or not do) that was effective (or ineffective)? * ineffective - create /etc/systemd/system/mariadb.service.d/whatever.conf with "NoNewPrivileges=false" - sudo apt-get --autoremove remove mariadb-server * effective (in some sense) - sudo apt-get --autoremove remove mariadb-server-10.1 * What was the outcome of this action? mariadb-server is not installed * What outcome did you expect instead? mariadb-server is installed and running -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages mariadb-server-10.1 depends on: ii adduser 3.115 ii debconf [debconf-2.0] 1.5.61 pn galera-3 ii gawk 1:4.1.4+dfsg-1 ii init-system-helpers 1.48 ii iproute2 4.9.0-1 ii libaio1 0.3.110-3 ii libc6 2.24-11+deb9u1 ii libdbi-perl 1.636-1+b1 ii libpam0g 1.1.8-3.6 ii libstdc++66.3.0-18 ii libsystemd0 232-25 ii lsb-base 9.20161125 ii lsof 4.89+dfsg-0.1 ii mariadb-client-10.1 10.1.23-9+deb9u1 ii mariadb-common10.1.23-9+deb9u1 pn mariadb-server-core-10.1 ii passwd1:4.4-4.1 ii perl 5.24.1-3 ii psmisc22.21-2.1+b2 ii rsync 3.1.2-1 pn socat ii zlib1g1:1.2.8.dfsg-5 Versions of packages mariadb-server-10.1 recommends: ii libhtml-template-perl 2.95-2 Versions of packages mariadb-server-10.1 suggests: ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4 ii mailutils [mailx] 1:3.1.1-1 ii mailx 1:20081101-2 pn mariadb-test pn netcat-openbsd pn tinyca here's output from my terminal of install mariadb-server attempt, looking at logs, then uninstalling mariadb: -begin terminal----- ozzloy% sudo apt-get install -y mariadb-server Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: galera-3 mariadb-server-10.1 mariadb-server-core-10.1 socat Suggested packages: mariadb-test netcat-openbsd tinyca The following NEW packages will be installed: galera-3 mariadb-server mariadb-server-10.1 mariadb-server-core-10.1 socat 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/11.8 MB of archives. After this operation, 109 MB of additional disk space will be used. Preconfiguring packages ... Selecting previously unselected package galera-3. (Reading database ... 227821 files and directories currently installed.) Preparing to unpack .../galera-3_25.3.19-2_amd64.deb ... Unpacking galera-3 (25.3.19-2) ... Selecting previously unselected package mariadb-server-core-10.1. Preparing to unpack .../mariadb-server-core-10.1_10.1.23-9+deb9u1_amd64.deb ... Unpacking mariadb-server-core-10.1 (10.1.23-9+deb9u1) ... Selecting previously unselected package socat. Preparing to unpack .../socat_1.7.3.1-2+b1_amd64.deb ... Unpacking socat (1.7.3.1-2+b1) ... Selecting previously unselected package mariadb-server-10.1. Preparing to unpack .../mariadb-server-10.1_10.1.23-9+deb9u1_amd64.deb ... /var/lib/mysql: found previous version 10.1 Unpacking mariadb-server-10.1 (10.1.23-9+deb9u1) ... Selecting previously unselected package mariadb-server. Preparing to unpack .../mariadb-server_10.1.23-9+deb9u1_all.deb ... Unpacking mariadb-server (10.1.23-9+deb9u1) ... Setting up mariadb-server-core-10.1 (10.1.23-9+deb9u1) ... Setting up socat (1.7.3.1-2+b1) ... Setting up galera-3 (25.3.19-2) ... Processing triggers for systemd (232-25) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up mariadb-server-10.1 (10.1.23-9+deb9u1) ... Job for mariadb.service failed because the control process exited with error code. See "systemctl status mariadb.service" and "journalctl -xe" for details. invoke-rc.d: initscript mysql, action "start" failed. ● mariadb.service - MariaDB database server Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/mariadb.service.d └─whatever.conf Active: failed (Result: exit-code) since Mon 2017-07-03 22:03:34 PDT
Bug#867135: ejabberd install fails with NO_NEW_PRIVILEGES exit code
here's the output from terminal as i attempt an install, look at logs, then uninstall ejabberd ozzloy% sudo apt-get install -y ejabberd Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: erlang-odbc Suggested packages: apparmor apparmor-utils libunix-syslog-perl yamllint ejabberd-contrib erlang-luerl erlang-p1-oauth2 erlang-p1-sqlite3 erlang-redis-client erlang erlang-manpages erlang-doc The following NEW packages will be installed: ejabberd erlang-odbc 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/3,896 kB of archives. After this operation, 6,648 kB of additional disk space will be used. Preconfiguring packages ... Selecting previously unselected package erlang-odbc. (Reading database ... 227520 files and directories currently installed.) Preparing to unpack .../erlang-odbc_1%3a19.2.1+dfsg-2_amd64.deb ... Unpacking erlang-odbc (1:19.2.1+dfsg-2) ... Selecting previously unselected package ejabberd. Preparing to unpack .../ejabberd_16.09-4_amd64.deb ... Unpacking ejabberd (16.09-4) ... Processing triggers for systemd (232-25) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up erlang-odbc (1:19.2.1+dfsg-2) ... Setting up ejabberd (16.09-4) ... Job for ejabberd.service failed because the control process exited with error code. See "systemctl status ejabberd.service" and "journalctl -xe" for details. invoke-rc.d: initscript ejabberd, action "restart" failed. ● ejabberd.service - A distributed, fault-tolerant Jabber/XMPP server Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Mon 2017-07-03 17:55:48 PDT; 18ms ago Docs: https://www.process-one.net/en/ejabberd/docs/ Process: 22076 ExecStart=/bin/sh -c /usr/sbin/ejabberdctl start && /usr/sbin/ejabberdctl started (code=exited, status=227/NO_NEW_PRIVILEGES) dpkg: error processing package ejabberd (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: ejabberd E: Sub-process /usr/bin/dpkg returned an error code (1) ozzloy% sudo systemctl status --no-pager --full ejabberd.service ● ejabberd.service - A distributed, fault-tolerant Jabber/XMPP server Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Mon 2017-07-03 17:56:25 PDT; 63ms ago Docs: https://www.process-one.net/en/ejabberd/docs/ Process: 22518 ExecStart=/bin/sh -c /usr/sbin/ejabberdctl start && /usr/sbin/ejabberdctl started (code=exited, status=227/NO_NEW_PRIVILEGES) Jul 03 17:56:25 ozzloy.lifeafterking.org systemd[1]: ejabberd.service: Control process exited, code=exited status=227 Jul 03 17:56:25 ozzloy.lifeafterking.org systemd[1]: Failed to start A distributed, fault-tolerant Jabber/XMPP server. Jul 03 17:56:25 ozzloy.lifeafterking.org systemd[1]: ejabberd.service: Unit entered failed state. Jul 03 17:56:25 ozzloy.lifeafterking.org systemd[1]: ejabberd.service: Failed with result 'exit-code'. ozzloy% sudo journalctl --no-pager --full -xe|tail -n 30 -- -- Unit ejabberd.service has finished shutting down. Jul 03 17:59:49 ozzloy.lifeafterking.org systemd[1]: ejabberd.service: Failed to set invocation ID on control group /system.slice/ejabberd.service, ignoring: Operation not supported Jul 03 17:59:49 ozzloy.lifeafterking.org systemd[1]: Starting A distributed, fault-tolerant Jabber/XMPP server... -- Subject: Unit ejabberd.service has begun start-up -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit ejabberd.service has begun starting up. Jul 03 17:59:49 ozzloy.lifeafterking.org systemd[24904]: ejabberd.service: Failed at step NO_NEW_PRIVILEGES spawning /bin/sh: Invalid argument -- Subject: Process /bin/sh could not be executed -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- The process /bin/sh could not be executed and failed. -- -- The error number returned by this process is 22. Jul 03 17:59:49 ozzloy.lifeafterking.org systemd[1]: ejabberd.service: Control process exited, code=exited status=227 Jul 03 17:59:49 ozzloy.lifeafterking.org systemd[1]: Failed to start A distributed, fault-tolerant Jabber/XMPP server. -- Subject: Unit ejabberd.service has failed -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit ejabberd.service has failed. -- -- The result is failed. Jul 03 17:59:49 ozzloy.lifeafterking.org systemd[1]: ejabberd.service: Unit entered failed state. Jul 03 17:59:49 ozzloy.lifeafterking.org systemd[1]: ejabberd.service: Failed with result 'exit-code'. Jul 03 17:59:51 ozzloy.lifeafterking.org sudo[24929]: ozzloy : TTY=pts/5 ; PWD=/home/ozzloy ; USER=root ; COMMAND=/bin/journalctl --no-pager --full -xe Jul
Bug#867135: ejabberd install fails with NO_NEW_PRIVILEGES exit code
Package: ejabberd Version: 16.09-4 Severity: important Dear Maintainer, * What led up to the situation? 'apt-get install -y ejabberd' * What exactly did you do (or not do) that was effective (or ineffective)? 'apt-get --autoremove remove ejabberd' this was effective in the sense that i could use apt-get again. * What was the outcome of this action? installing failed at step NO_NEW_PRIVILEGES spawning /bin/sh: Invalid argument * What outcome did you expect instead? successful installation of ejabberd -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ejabberd depends on: ii adduser3.115 ii debconf [debconf-2.0] 1.5.61 ii erlang-asn11:19.2.1+dfsg-2 ii erlang-base [erlang-abi-17.0] 1:19.2.1+dfsg-2 ii erlang-crypto 1:19.2.1+dfsg-2 ii erlang-inets 1:19.2.1+dfsg-2 ii erlang-jiffy 0.14.8+dfsg-1 ii erlang-lager 3.2.4-1 ii erlang-mnesia 1:19.2.1+dfsg-2 pn erlang-odbc ii erlang-p1-cache-tab1.0.4-2 ii erlang-p1-iconv1.0.2-2 ii erlang-p1-stringprep 1.0.6-2 ii erlang-p1-tls 1.0.7-2+b1 ii erlang-p1-utils1.0.5-3 ii erlang-p1-xml 1.1.15-2 ii erlang-p1-yaml 1.0.6-2 ii erlang-p1-zlib 1.0.1-4 ii erlang-public-key 1:19.2.1+dfsg-2 ii erlang-ssl 1:19.2.1+dfsg-2 ii erlang-syntax-tools1:19.2.1+dfsg-2 ii erlang-xmerl 1:19.2.1+dfsg-2 ii init-system-helpers1.48 ii lsb-base 9.20161125 ii openssl1.1.0f-3 ii ucf3.0036 ejabberd recommends no packages. Versions of packages ejabberd suggests: pn apparmor pn apparmor-utils pn ejabberd-contrib pn erlang-luerl ii erlang-p1-mysql 1.0.1-4 pn erlang-p1-oauth2 ii erlang-p1-pam1.0.0-5 ii erlang-p1-pgsql 1.1.0-4 ii erlang-p1-sip1.0.8-2 pn erlang-p1-sqlite3 ii erlang-p1-stun 1.0.7-2 pn erlang-redis-client ii imagemagick 8:6.9.7.4+dfsg-11 ii imagemagick-6.q16 [imagemagick] 8:6.9.7.4+dfsg-11 pn libunix-syslog-perl pn yamllint