Disabling postgrey did not help. This VPS worked fine when it was still Wheezy and i-mscp 1.3.x series. Considering rolling back to backup before the upgrade.
Posts by c64wolf
-
-
host node /etc/pve/CTID.conf configuration for the VPS
lxc-container-imscp apparmor config -
More information, in addition I am getting apparmor errors in /var/log/messages inside the container
Code:
May 19 16:09:01 web kernel: [335147.880658] audit: type=1400 audit(1495199341.753:872): apparmor="DENIED" operation="file_lock" profile="lxc-container-imscp" pid=26284 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none
May 19 16:18:32 web kernel: [335718.572511] maildrop[28079]: segfault at 0 ip (null) sp 00000000ffee6ccc error 14 in maildrop[8048000+35000]
May 19 16:18:44 web kernel: [335730.707563] maildrop[28103]: segfault at 0 ip (null) sp 00000000ffabd07c error 14 in maildrop[8048000+35000]
May 19 16:23:44 web kernel: [336030.869634] maildrop[29013]: segfault at 0 ip (null) sp 00000000fffa851c error 14 in maildrop[8048000+35000]
May 19 16:28:44 web kernel: [336330.427211] maildrop[29946]: segfault at 0 ip (null) sp 00000000ffefca1c error 14 in maildrop[8048000+35000]
May 19 16:33:44 web kernel: [336630.799952] maildrop[30916]: segfault at 0 ip (null) sp 00000000ff862b4c error 14 in maildrop[8048000+35000]
May 19 16:33:44 web kernel: [336630.960986] maildrop[30920]: segfault at 0 ip (null) sp 00000000ffd3d48c error 14 in maildrop[8048000+35000]
-
I managed to upgrade the VPS to Jessie and to 1.4.3 version of i-mscp.
I am having issues with email service. Currently it seems that I am not receiving any emails from outside and mail.log is full of this:
May 19 17:43:44 web postfix/pipe[17219]: F072CC802EF: to=<ccc@example.com>, relay=maildrop, delay=101193, delays=101193/0.01/0/0.25, dsn=4.3.0, status=deferred (Command died with signal 11: "maildrop")
and this
May 19 17:42:39 web imapd-ssl: couriertls: /etc/imscp/imscp_services.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
Any help? I am using postgrey plugin. As a temporary solution I will disable it now and reboot server.
-
I remember reading from Debian errata that dist-upgrading a Wheezy LXC container won't work because it pulls in systemd and breaks things, but I guess it is no longer an issue (looked up the issue and found only this https://www.debian.org/release…n.html#lxc-upgrade-issues). The Debian release notes state that I would need to add the following to the LXC container config for systemd to work in the container after upgrade:
I guess this is true for Proxmox host too as it is running systemd and is based on Jessie.
-
Hello,
I am running Debian Wheezy at the moment and planning to upgrade to Jessie because support was dropped in 1.4.x series. I have an LXC environment. I was wondering if i-mscp 1.4.x requires systemd or does it work fine with Jessie using sysvinit?
-
There is already a thread opened for those issues. I must investigate.
Thanks for the quick reply. I saw that thread earlier and tried the VE capability trick, but it did not work. I will keep following the situation. I am in no hurry with the VPS transfer to the new platform and in the worst case I will continue using OpenVZ. However I would like to use i-MSCP with LXC, as I desire newer kernels than the ones provided by OpenVZ.
-
I have also tried to add an empty "lxc.cap.drop:" line to the end of VE LXC configuration to make sure that no capabilities are dropped for the VE. This has not solved the issue either.
-
After reboot it seems that AppArmor did change the profile, but I am still getting the same errors about mounting /var/log directories. I did add ro and remount to the mount options of the default-with-nesting AppArmor policy and did a reboot again. Still getting this in dmesg:
[ 651.389206] audit: type=1400 audit(1470042501.831:144): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-with-nesting" name="/var/www/virtual/website.org/logs/website.org/" pid=9264 comm="mount" flags="ro, remount, bind"
Code: /etc/apparmor.d/lxc/lxc-default-with-nesting
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  #include <abstractions/lxc/start-container>
  # Uncomment the line below if you are not using cgmanager
  # mount fstype=cgroup -> /sys/fs/cgroup/**,
  deny /dev/.lxc/proc/** rw,
  deny /dev/.lxc/sys/** rw,
  mount fstype=proc -> /var/cache/lxc/**,
  mount fstype=sysfs -> /var/cache/lxc/**,
  mount options=(rw,bind,ro,remount),
}
-
Tried to add a different AppArmor profile (the one with nesting enabled, it seemed to have proper mount options) to the VE configuration file under /etc/pve/local/lxc/<VMID>.conf, and even after reload and restart of both AppArmor and the LXC container it seems that in dmesg there is still a DENIED error and it refers to the old profile. It is as if AppArmor somehow does not honour the configuration files or truly reload them. I will try to reboot the server next.
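
To check which profile the kernel is actually applying when a DENIED record still names the old one, the audit records quoted in these posts can be parsed and grouped by profile and operation. This is an added example, not part of the original posts; the function names are hypothetical and the sample lines are the ones above with the syslog prefix trimmed.

```python
import re
from collections import Counter

# Audit and kernel lines copied from the posts above (syslog prefix trimmed).
SAMPLE = [
    'audit: type=1400 audit(1495199341.753:872): apparmor="DENIED" operation="file_lock" profile="lxc-container-imscp" pid=26284 comm="(ionclean)" family="unix" sock_type="dgram" protocol=0 addr=none',
    'audit: type=1400 audit(1470042501.831:144): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-with-nesting" name="/var/www/virtual/website.org/logs/website.org/" pid=9264 comm="mount" flags="ro, remount, bind"',
    'maildrop[28079]: segfault at 0 ip (null) sp 00000000ffee6ccc error 14 in maildrop[8048000+35000]',
]

# Matches key="quoted value" or key=bare_value.
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_denial(line):
    """Return the audit fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for key, raw, quoted in FIELD.findall(line):
        rec[key] = quoted if raw.startswith('"') else raw
    if "flags" in rec:  # mount denials list the requested mount flags
        rec["flags"] = sorted(f.strip() for f in rec["flags"].split(","))
    return rec


def summarize(lines):
    """Count denials per (profile, operation) pair."""
    counts = Counter()
    for rec in filter(None, map(parse_denial, lines)):
        counts[(rec.get("profile"), rec.get("operation"))] += 1
    return counts


def unexpected_profiles(lines, expected):
    """Profiles named in denials that differ from the one set in the container config."""
    return sorted({p for p, _ in summarize(lines) if p != expected})


if __name__ == "__main__":
    for (profile, op), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {profile}  {op}")
    print("not the configured profile:",
          unexpected_profiles(SAMPLE, "lxc-container-imscp"))
```

Feeding it the output of `dmesg` from the host shows at a glance whether denials are still attributed to a profile other than the one named in the container configuration.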