FS#52892 - Fail2ban namespace spawn failed using "Capabilities" step in wiki
Attached to Project:
Community Packages
Opened by vindicator (vindicator) - Wednesday, 08 February 2017, 06:08 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 08 February 2017, 15:30 GMT
Details
Description:
"fail2ban.service: Failed at step NAMESPACE spawning /usr/bin/fail2ban-client: No such file or directory"

Additional info:
* package version(s)
Name : fail2ban
Version : 0.9.6-2
* config and/or log files etc.
Following https://wiki.archlinux.org/index.php/Fail2ban#Capabilities
Reference: https://github.com/fail2ban/fail2ban/issues/1073

capabilities.conf:
*****
$ cat /etc/systemd/system/fail2ban.service.d/capabilities.conf
[Service]
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
ReadOnlyDirectories=/
ReadWriteDirectories=/var/run/fail2ban /var/lib/fail2ban /var/spool/postfix/maildrop /tmp /var/log/fail2ban
*****

journalctl:
*****
Feb 07 23:39:47 server systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fail2ban.service has begun starting up.
Feb 07 23:39:47 server systemd[24180]: fail2ban.service: Failed at step NAMESPACE spawning /usr/bin/fail2ban-client: No such file or directory
-- Subject: Process /usr/bin/fail2ban-client could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The process /usr/bin/fail2ban-client could not be executed and failed.
--
-- The error number returned by this process is 2.
Feb 07 23:39:47 server systemd[1]: fail2ban.service: Control process exited, code=exited status=226
Feb 07 23:39:47 server systemd[1]: Failed to start Fail2Ban Service.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fail2ban.service has failed.
--
-- The result is failed.
Feb 07 23:39:47 server systemd[1]: fail2ban.service: Unit entered failed state.
Feb 07 23:39:47 server systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Feb 07 23:39:47 server systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Feb 07 23:39:47 server systemd[1]: Stopped Fail2Ban Service.
-- Subject: Unit fail2ban.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fail2ban.service has finished shutting down.
Feb 07 23:39:47 server systemd[1]: Starting Fail2Ban Service...
*****

Steps to reproduce:
Closed by Doug Newgard (Scimmia)
Wednesday, 08 February 2017, 15:30 GMT
Reason for closing: Not a bug
Additional comments about closing: Configuration error
The "NAMESPACE" spawn error seems to relate to the non-existence of a directory.
One might think if a directory doesn't exist, the service capability would just ignore it rather than produce a vague error (not specifying what file or directory does not exist).
The wiki DOES state the postfix directory may be different depending on how it was set up (assuming the application was installed), but the fail2ban log file location defaults to "/var/log". I'm guessing the user may want to adjust the "fail2ban.conf" and set the path to "logtarget = /var/log/fail2ban/fail2ban.log" (just so fail2ban can't write to any other log files in /var/log).
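An added example, not part of the original report or of the wiki: a shell function that lists which paths named in a drop-in's namespace directives do not exist, the detail the NAMESPACE error message leaves out. The function name, the optional root argument and the scratch directory layout in the demo are assumptions made for illustration; paths prefixed with "-" are skipped because systemd ignores those when they are absent.

```bash
#!/usr/bin/env bash
# missing_namespace_paths DROPIN [ROOT]
# Prints "Directive: path" for every listed path that does not exist under
# ROOT (default: the real filesystem). Returns 1 if anything is missing.
missing_namespace_paths() {
    local dropin="$1" root="${2:-}" line key value path missing=0
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        case $key in
            # Directive names used on this page, plus their newer spellings.
            ReadOnlyDirectories|ReadWriteDirectories|InaccessibleDirectories) ;;
            ReadOnlyPaths|ReadWritePaths|InaccessiblePaths) ;;
            *) continue ;;
        esac
        value=${line#*=}
        set -f                        # split on spaces without glob expansion
        for path in $value; do
            # A leading "-" tells systemd to ignore the path if it is absent.
            case $path in -*) continue ;; esac
            if [ ! -e "$root$path" ]; then
                printf '%s: %s\n' "$key" "$path"
                missing=1
            fi
        done
        set +f
    done < "$dropin"
    return "$missing"
}

# Constructed demo: the drop-in from this report, checked against a scratch
# root that lacks the postfix maildrop and /var/log/fail2ban directories.
demo() {
    local tmp rc=0
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/var/run/fail2ban" "$tmp/root/var/lib/fail2ban" "$tmp/root/tmp"
    cat > "$tmp/capabilities.conf" <<'EOF'
[Service]
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
ReadOnlyDirectories=/
ReadWriteDirectories=/var/run/fail2ban /var/lib/fail2ban /var/spool/postfix/maildrop /tmp /var/log/fail2ban
EOF
    missing_namespace_paths "$tmp/capabilities.conf" "$tmp/root" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || true
```

On a real host, call `missing_namespace_paths /etc/systemd/system/fail2ban.service.d/capabilities.conf` with no second argument to check against the live filesystem.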