Fails with a service using suexec functionality (starts but exit code 0)

[rickyn-croesus]

Given this apache 2.4 systemd configuration (httpd-2.4.62-1.el9_5.2.x86_64):

[Unit]
Description=The Apache HTTP Server
Wants=httpd-init.service
After=network.target remote-fs.target nss-lookup.target httpd-init.service
Documentation=man:httpd.service(8)

[Service]
Type=notify
Environment=LANG=C

ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
# Send SIGWINCH for graceful stop
KillSignal=SIGWINCH
KillMode=mixed
PrivateTmp=true
OOMPolicy=continue

[Install]
WantedBy=multi-user.target

httpd service is started but MainPID has changed so future starts can't find the pid:

[root@4589d57e6516 /]# /usr/bin/systemctl -vvv start httpd
INFO:systemctl:EXEC BEGIN /usr/bin/systemctl start httpd --system
DEBUG:systemctl:======= systemctl.py start httpd
DEBUG:systemctl:found 226 sysd files
DEBUG:systemctl:found 0 sysv files
INFO:systemctl:system is offline
DEBUG:systemctl:'/usr/lib/systemd/system/httpd.service' no --user mode >> accept
DEBUG:systemctl: start unit httpd.service => '/usr/lib/systemd/system/httpd.service'
DEBUG:systemctl:extra-vars []
DEBUG:systemctl:can not expand $OPTIONS
DEBUG:systemctl:can not expand $OPTIONS
INFO:systemctl:httpd.service: Service private directory option is ignored: PrivateTmp=yes
DEBUG:systemctl:use NOTIFY_SOCKET=/run/systemd/notify.httpd.service
DEBUG:systemctl:ExecStart[0]: /usr/sbin/httpd $OPTIONS -DFOREGROUND
DEBUG:systemctl:can not expand $OPTIONS
INFO:systemctl:notify start '/usr/sbin/httpd' '-DFOREGROUND'
INFO:systemctl:notify started PID 7682
DEBUG:systemctl:writing to /run/httpd.service.status
        MainPID=7682
INFO:systemctl:notify stopped PID 7682 (OK) <->
DEBUG:systemctl:okay, waiting on socket for 90.0s
INFO:systemctl:wait $NOTIFY_SOCKET, timeout 90.0 (lapse 3)
INFO:systemctl:seen dead PID 7682
INFO:systemctl:notify start done 7682
WARNING:systemctl:notify start not active

workaround

mv /usr/sbin/suexec /usr/sbin/suexec.disabled

works:

[root@4589d57e6516 /]# /usr/bin/systemctl -vvv start httpd
INFO:systemctl:EXEC BEGIN /usr/bin/systemctl start httpd --system
DEBUG:systemctl:======= systemctl.py start httpd
DEBUG:systemctl:found 226 sysd files
DEBUG:systemctl:found 0 sysv files
INFO:systemctl:system is offline
DEBUG:systemctl:'/usr/lib/systemd/system/httpd.service' no --user mode >> accept
DEBUG:systemctl: start unit httpd.service => '/usr/lib/systemd/system/httpd.service'
DEBUG:systemctl:extra-vars []
DEBUG:systemctl:can not expand $OPTIONS
DEBUG:systemctl:can not expand $OPTIONS
INFO:systemctl:httpd.service: Service private directory option is ignored: PrivateTmp=yes
DEBUG:systemctl:use NOTIFY_SOCKET=/run/systemd/notify.httpd.service
DEBUG:systemctl:ExecStart[0]: /usr/sbin/httpd $OPTIONS -DFOREGROUND
DEBUG:systemctl:can not expand $OPTIONS
INFO:systemctl:notify start '/usr/sbin/httpd' '-DFOREGROUND'
INFO:systemctl:notify started PID 7688
DEBUG:systemctl:writing to /run/httpd.service.status
        MainPID=7688
DEBUG:systemctl:okay, waiting on socket for 90.0s
INFO:systemctl:wait $NOTIFY_SOCKET, timeout 90.0 (lapse 3)
DEBUG:systemctl:read_notify_socket(44):RELOADING=1|STATUS=Reading configuration...|
DEBUG:systemctl:seen notify  ---      :STATUS=Reading configuration...
DEBUG:systemctl:read_notify_socket(44):RELOADING=1|STATUS=Reading configuration...|
DEBUG:systemctl:seen notify  ---      :STATUS=Reading configuration...
DEBUG:systemctl:read_notify_socket(37):READY=1|STATUS=Configuration loaded.|
DEBUG:systemctl:seen notify  ---      :READY=1
DEBUG:systemctl:seen notify  ---      :STATUS=Configuration loaded.
DEBUG:systemctl:read_notify_socket(58):READY=1|STATUS=Started, listening on: port 80|MAINPID=7688
DEBUG:systemctl:seen notify   -2      :READY=1
DEBUG:systemctl:seen notify   -2      :STATUS=Started, listening on: port 80
DEBUG:systemctl:seen notify   -2      :MAINPID=7688
DEBUG:systemctl:notify = {'RELOADING': '1', 'STATUS': 'Started, listening on: port 80', 'READY': '1', 'MAINPID': '7688'}
INFO:systemctl:notify start done 7688

and the processes are indeed present:

]# ps -eaf | grep 7688
root      7688     1  0 12:07 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    7689  7688  0 12:07 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    7690  7688  0 12:07 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    7691  7688  0 12:07 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    7692  7688  0 12:07 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND

[gdraheim]

The "el9" points to a redhat-9 ... however the test on almalinux:9.4 works. That does not sound like I can easily reproduce the problem.

https://github.com/gdraheim/docker-systemctl-replacement/blob/develop/tests/httpd-alma9.dockerfile

[rickyn-croesus]

sorry, I forgot to specify the distribution:

This is actually on a rockylinux 9.5 install:

FROM docker.io/rockylinux/rockylinux:9.5

versions:

# cat /etc/os-release 
NAME="Rocky Linux"
VERSION="9.5 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.5"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.5 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
VENDOR_NAME="RESF"
VENDOR_URL="https://resf.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.5"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.5"