The issue is occurring because it seems vsftp has changed it's pid namespace.
Probably from sysdeputil.c::vsf_sysutil_fork_isolate_failok()
"syscall(__NR_clone, CLONE_NEWPID)"
There is a specific prohibition in the kernel on this:
-----------------------------------------------------------------------------
commit 34e36d8ecbd958bc15f8e63deade1227de337eb1
Author: Eric W. Biederman <email address hidden>
Date: Mon Sep 10 23:20:20 2012 -0700
audit: Limit audit requests to processes in the initial pid and user namespaces.
This allows the code to safely make the assumption that all of the
uids gids and pids that need to be send in audit messages are in the
initial namespaces.
If someone cares we may lift this restriction someday but start with
limiting access so at least the code is always correct.
-----------------------------------------------------------------------------
Regarding audit=0. I imagine it would solve the issue, rather extreme. Also if I boot with audit=0 then client side ftp fails with "500 OOPS: priv_sock_get_cmd" (seccomp_sandbox=NO in /etc/vsftpd.conf).
Can you verify if the above vsftp codepath is indeed being executed and see what happens if VSF_SYSDEP_HAVE_LINUX_CLONE is disabled.
Ubuntu bug on this also: https:/ /bugs.launchpad .net/ubuntu/ +source/ vsftpd/ +bug/1160372
The issue is occurring because it seems vsftp has changed it's pid namespace.
Probably from sysdeputil. c::vsf_ sysutil_ fork_isolate_ failok( ) __NR_clone, CLONE_NEWPID)"
"syscall(
There is a specific prohibition in the kernel on this:
------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- c15f8e63deade12 27de337eb1
commit 34e36d8ecbd958b
Author: Eric W. Biederman <email address hidden>
Date: Mon Sep 10 23:20:20 2012 -0700
audit: Limit audit requests to processes in the initial pid and user namespaces.
This allows the code to safely make the assumption that all of the
uids gids and pids that need to be send in audit messages are in the
initial namespaces.
If someone cares we may lift this restriction someday but start with ------- ------- ------- ------- ------- ------- ------- ------- ------- -------
limiting access so at least the code is always correct.
-------
Regarding audit=0. I imagine it would solve the issue, rather extreme. Also if I boot with audit=0 then client side ftp fails with "500 OOPS: priv_sock_get_cmd" (seccomp_sandbox=NO in /etc/vsftpd.conf).
Can you verify if the above vsftp codepath is indeed being executed and see what happens if VSF_SYSDEP_ HAVE_LINUX_ CLONE is disabled.