Bug#884764: redis-server exit with code 227/NO_NEW_PRIVILEGES
Mauro Ziliani
Package: redis-server Version: 3:3.2.6-1 Severity: normal When I try to configure redis-server with dpkg --configure redis-server I get the following message Job for redis-server.service failed because the control process exited with error code. See "systemctl status redis-server.service" and "journalctl -xe" for details. invoke-rc.d: initscript redis-server, action "start" failed. ● redis-server.service - Advanced key-value store Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Tue 2017-12-19 11:26:57 CET; 58ms ago Docs: http://redis.io/documentation, man:redis-server(1) Process: 794 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf (code=exited, status=227/NO_NEW_PRIVILEGES) Process: 782 ExecStartPre=/bin/run-parts --verbose /etc/redis/redis-server.pre-up.d (code=exited, status=227/NO_NEW_PRIVILEGES) dic 19 11:26:57 server systemd[1]: redis-server.service: Unit entered failed state. dic 19 11:26:57 server systemd[1]: redis-server.service: Failed with result 'exit-code'. I try to change PrivateDevices=yes to PrivateDevices=no in /lib/systemd/system/redis-server.service and the configuration is done successfully. What does it means for redis-server placing PrivateDevices=no? MZ
Chris Lamb
tags 884764 + moreinfo
thanks
Hi Mauro,
> Version: 3:3.2.6-1
> Severity: normal
parser :)
Anyway, are you sure you are using 3:3.2.6-1? This version does not
contain a PrivateDevices line that you claim to have edited.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Mauro Ziliani
Thanks for the answer.
Sorry for the indentation
But I find PrivateDevices in redis-server.service
This is the deb file name for redis
redis-server_3%3a3.2.6-1_amd64.deb
And this is the content of redis-server.service
[Unit]
Description=Advanced key-value store
After=network.target
Documentation=http://redis.io/documentation, man:redis-server(1)
[Service]
Type=forking
ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
PIDFile=/var/run/redis/redis-server.pid
TimeoutStopSec=0
Restart=always
User=redis
Group=redis
RunTimeDirectory=redis
ExecStartPre=-/bin/run-parts --verbose
/etc/redis/redis-server.pre-up.d
ExecStartPost=-/bin/run-parts --verbose
/etc/redis/redis-server.post-up.d
ExecStop=-/bin/run-parts --verbose
/etc/redis/redis-server.pre-down.d
ExecStop=/bin/kill -s TERM $MAINPID
ExecStopPost=-/bin/run-parts --verbose
/etc/redis/redis-server.post-down.d
UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis
ReadWriteDirectories=-/var/log/redis
ReadWriteDirectories=-/var/run/redis
CapabilityBoundingSet=~CAP_SYS_PTRACE
# redis-server writes its own config file when in cluster mode so
we allow
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
ProtectSystem=true
ReadWriteDirectories=-/etc/redis
[Install]
WantedBy=multi-user.target
Alias=redis.service
Chris Lamb
> But I find PrivateDevices in redis-server.service
apologies.
Please could you let me know your kernel & systemd versions and whether
you have modified the Redis configuration in any way?
Chris Lamb
> > But I find PrivateDevices in redis-server.service
>
> Ah, I think I was looking at the wrong version for a second; my
> apologies.
>
> Please could you let me know your kernel & systemd versions and whether
> you have modified the Redis configuration in any way?
Chris Lamb
> > But I find PrivateDevices in redis-server.service
>
> Ah, I think I was looking at the wrong version for a second; my
> apologies.
>
> Please could you let me know your kernel & systemd versions and whether
> you have modified the Redis configuration in any way?