installed ejabberd package post-installation script subprocess returned error exit status 1

Bug #1815699 reported by Ivan Kurnosov on 2019-02-13
This bug affects 4 people
Affects Status Importance Assigned to Milestone
ejabberd (Ubuntu)
Undecided
Unassigned

Bug Description

On an empty, just-installed Ubuntu 18.04, `apt install ejabberd` fails.

Relevant apt log:

```
Setting up erlang-p1-cache-tab (1.0.12-2) ...
Setting up erlang-p1-xml (1.1.28-1) ...
Setting up erlang-p1-eimp (1.0.2-2) ...
Setting up erlang-p1-xmpp (1.1.19-1) ...
Setting up ejabberd (18.01-2) ...

Creating config file /etc/ejabberd/ejabberd.yml with new version
Created symlink /etc/systemd/system/multi-user.target.wants/ejabberd.service → /lib/systemd/system/ejabberd.service.
Job for ejabberd.service failed because the control process exited with error code.
See "systemctl status ejabberd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript ejabberd, action "start" failed.
● ejabberd.service - A distributed, fault-tolerant Jabber/XMPP server
   Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2019-02-13 01:16:29 UTC; 17ms ago
     Docs: https://www.process-one.net/en/ejabberd/docs/
  Process: 1588 ExecStart=/bin/sh -c /usr/sbin/ejabberdctl start && /usr/sbin/ejabberdctl started (code=exited, status=1/FAILURE)
dpkg: error processing package ejabberd (--configure):
 installed ejabberd package post-installation script subprocess returned error exit status 1
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for systemd (237-3ubuntu10.11) ...
Processing triggers for ufw (0.35-5) ...
Errors were encountered while processing:
 ejabberd
E: Sub-process /usr/bin/dpkg returned an error code (1)
W: Operation was interrupted before it could finish
```

Systemctl status:

```
● ejabberd.service - A distributed, fault-tolerant Jabber/XMPP server
   Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; vendor preset: enabled)
   Active: activating (start) since Wed 2019-02-13 01:22:17 UTC; 23s ago
     Docs: https://www.process-one.net/en/ejabberd/docs/
Cntrl PID: 10571 (sh)
    Tasks: 52 (limit: 4915)
   CGroup: /system.slice/ejabberd.service
           ├─10571 /bin/sh -c /usr/sbin/ejabberdctl start && /usr/sbin/ejabberdctl started
           ├─10591 /usr/lib/erlang/erts-9.2/bin/beam.smp -K true -P 250000 -- -root /usr/lib/erlang -progname erl -- -home /var/lib/ejabberd -- -sname ejabberd@localhost -smp auto -mnesia dir "/var/lib/ejabberd"
           ├─10592 /bin/sh /usr/sbin/ejabberdctl started
           ├─10610 erl_child_setup 65536
           ├─10639 /usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp
           ├─10640 /usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp
           ├─10641 /usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp
           ├─10642 /usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp
           ├─10643 /usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp
           ├─10644 /usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp
           ├─10645 sh -s disksup
           ├─10647 /usr/lib/erlang/lib/os_mon-2.4.4/priv/bin/memsup
           ├─10648 inet_gethost 4
           ├─10649 inet_gethost 4
           ├─10650 /bin/sh -c inotifywait $0 $@ & PID=$!; read a; kill $PID -m -e modify -e close_write -e moved_to -e create -e delete -e attrib --quiet -r /etc/ejabberd
           ├─10651 inotifywait -m -e modify -e close_write -e moved_to -e create -e delete -e attrib --quiet -r /etc/ejabberd
           └─11122 sleep 2

Feb 13 01:22:17 unified-monkey systemd[1]: ejabberd.service: Scheduled restart job, restart counter is at 6.
Feb 13 01:22:17 unified-monkey systemd[1]: Stopped A distributed, fault-tolerant Jabber/XMPP server.
Feb 13 01:22:17 unified-monkey systemd[1]: ejabberd.service: Failed to reset devices.list: Operation not permitted
Feb 13 01:22:17 unified-monkey systemd[1]: Starting A distributed, fault-tolerant Jabber/XMPP server...
```

Ivan Kurnosov (zerkms) wrote :

It looks like it only happens inside Linux containers (lxc) :-(

Ivan Kurnosov (zerkms) wrote :

Ok, found it:

```
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
```

these systemd service parameters prevent it from starting properly...

So what are the exact steps necessary to get it running in a Linux container?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ejabberd (Ubuntu):
status: New → Confirmed
tags: added: bionic

Please assist. I need a work-around, and can't figure out what to do:
https://unix.stackexchange.com/questions/513874/ejabberd-victum-of-systemd-security-enhancements

@Ivan Kurnosov: If it's possible to detect being run inside a container I would welcome a patch for the maintainer scripts to do the necessary adjustments automatically, as I don't use containers myself (yet).

@Lonnie Lee Best: RTFM! https://salsa.debian.org/ejabberd-packaging-team/ejabberd/blob/master/debian/README.Debian#L161-168 installed as /usr/share/doc/ejabberd/README.Debian.gz,
or read any other systemd documentation.

Ivan Kurnosov (zerkms) wrote :

@Philipp Huebner

I personally use the following systemd service override:

```
[Service]
PrivateTmp=false
ProtectHome=false
ProtectSystem=false
```

Speaking of detection: `systemd-detect-virt` in an lxd/lxc container returns `lxc\n`
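
The override and the detection hint from this thread, combined as an added example (not code from the ejabberd package or its maintainer scripts): the drop-in is written only when `systemd-detect-virt` reports `lxc`, so other hosts keep the packaged sandbox settings. The drop-in file name `lxc-sandbox.conf`, the function names and the `--apply` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of the ejabberd package or its maintainer scripts.
# Writes the drop-in quoted in this thread only when running inside LXC.

UNIT=ejabberd.service
DROPIN=lxc-sandbox.conf   # hypothetical file name

# True only for the value the thread reports for lxd/lxc containers.
needs_override() {
    [ "$1" = "lxc" ]
}

# Write the drop-in under <unit-dir>/ejabberd.service.d/.
write_override() {
    dir="$1/$UNIT.d"
    mkdir -p "$dir"
    cat > "$dir/$DROPIN" <<'EOF'
# Relaxed only because these sandbox options fail inside LXC (LP: #1815699)
[Service]
PrivateTmp=false
ProtectHome=false
ProtectSystem=false
EOF
}

# $1 = output of systemd-detect-virt, $2 = systemd unit directory
apply_if_container() {
    if needs_override "$1"; then
        write_override "$2" && echo applied
    else
        echo skipped
    fi
}

# Real run: sh thisfile --apply (as root). Without the flag nothing is changed.
if [ "${1:-}" = "--apply" ]; then
    virt=$(systemd-detect-virt --container 2>/dev/null || true)
    if [ "$(apply_if_container "$virt" /etc/systemd/system)" = "applied" ]; then
        systemctl daemon-reload
        systemctl restart "$UNIT"
    fi
fi
```

`systemctl show ejabberd.service -p PrivateTmp -p ProtectHome -p ProtectSystem` prints the values in effect after the reload.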
