Archive for the ‘Linux’ Category

systemd: Failed at step NAMESPACE spawning …: Operation not permitted

Thursday, September 25th, 2014

If systemd refuses to start a service, and gives you a message like this:

Sep 25 17:22:11 mus systemd[1234]: Failed at step NAMESPACE spawning /usr/bin/whatever: Operation not permitted

… then you might have a symlink as your /var/tmp.  Make it a real directory, or mount -o bind /tmp onto it.  Then systemd can work.  (In /etc/fstab, add a line, “/tmp /var/tmp ext3 rbind defaults,rbind 0 3”, where the final 3 is a number higher than your /tmp and /var mount at.  I fully expect this to confuse SuSE’s upgrader later, but I can deal with that then.)

This only happens if something uses the

PrivateTmp=true

option in the service file.

SuSE’s exim does this.  Others do it for CUPS or httpd.
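The combination described above (a symlinked /var/tmp plus units that set PrivateTmp=true) can be detected before a service fails to start. The script below is an added example, not part of the original post; the function names, the optional root-prefix argument and the two unit directories searched are assumptions, and checking /tmp as well as /var/tmp goes beyond the case the post describes.

```shell
#!/bin/sh
# Added example (not from the original post). Each function takes an optional
# root prefix so it can run against a mounted image or a constructed fixture.

# Print "/dir -> target" for each temp directory that is a symlink.
symlinked_tmp_dirs() {
    root=${1:-}
    for d in /tmp /var/tmp; do
        if [ -L "$root$d" ]; then
            printf '%s -> %s\n' "$d" "$(readlink "$root$d")"
        fi
    done
}

# Print unit files and drop-ins that enable PrivateTmp (systemd booleans).
units_with_private_tmp() {
    root=${1:-}
    for dir in /etc/systemd/system /usr/lib/systemd/system; do
        [ -d "$root$dir" ] || continue
        grep -rlE '^[[:space:]]*PrivateTmp[[:space:]]*=[[:space:]]*(1|yes|true|on)[[:space:]]*$' \
            "$root$dir" 2>/dev/null || :
    done | sort -u
}

# Print which of nodev/noexec/nosuid are missing on mount point $2, reading
# the /proc/mounts-format file $1 (the last matching line is the visible mount).
missing_hardening_opts() {
    awk -v mp="$2" '$2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "unmounted"; exit }
            n = split("nodev noexec nosuid", want, " "); out = ""
            for (i = 1; i <= n; i++)
                if (index("," opts ",", "," want[i] ",") == 0)
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }' "$1"
}

# Return 1 when the combination described in the post is present.
check_private_tmp() {
    links=$(symlinked_tmp_dirs "${1:-}")
    units=$(units_with_private_tmp "${1:-}")
    if [ -n "$links" ] && [ -n "$units" ]; then
        printf 'Symlinked temp dir:\n%s\nUnits using PrivateTmp:\n%s\n' "$links" "$units"
        return 1
    fi
    return 0
}
```

On a live system, call check_private_tmp with no argument. After replacing the symlink with a bind mount, missing_hardening_opts /proc/mounts /var/tmp shows whether nodev, noexec and nosuid still apply there.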

Once again, systemd comes along and screws up a working system, and provides no feedback about what or why or how.  This time searching the Internet wasn’t even useful.  I’m so glad I found this bug.

The author (in a post I cannot now find) says, “I see no reason to support /var/tmp as a symlink.”  Lucky you!  I do!  What is the reason not to, and is it worth breaking Linux machines that have run for years this way?

Why, you ask, do you want a symlink for /var/tmp?

I don’t want to create a second /tmp partition.  I use a separate partition for /tmp, so I can set nodev,noexec,nosuid on it.  I’ve had security problems in the past from things executing a payload on /tmp – never again.  It’s saved me more than once now.

I want /var/tmp to get that same protection, so it’s a symlink.  Symlinks are standard Unix stuff, they’re well understood and work for simple things like this.

So, not only did you break a validly configured system because you’re a bunch of thoughtless, inexperienced jerks, you gave the world’s most useless error message in doing so!

I really want to like systemd.  I think it’s trying to do good things.  But the people around it, and the complete lack of availability of information it gives you are making that very, very hard.  OpenBSD is looking better and better.

Upgrading Databases

Sunday, October 27th, 2013

In the middle of a large upgrade process to the home server.  Kind of a mess, but things are coming back up.

When upgrading databases, use the old, running version to make a DB dump BEFORE you upgrade the software.  I’ve just had to struggle with getting an old version of Firebird to run so I could read the databases.  Then, I had to do the same thing with PostgreSQL.

Clean the Golden Fingers

Sunday, October 13th, 2013

Had a power outage at early o’clock this morning.  Got up, shut everything down before the UPSes died.  One of our servers is too big for the UPS and I’ll have to fix that.  Went back to bed.

When I got up, I started booting everything.  The server with the too-small UPS came up fine, but the Web/Internet server didn’t.  Which is odd, because I powered it down before the UPS went out.  (OS crashed, but power-down was normal.)

When I powered it up, I got beep codes.  Ugh.  Long, two short, then a lower sort of “doo doot” tone.  Dug around the Internet to figure out what they meant on this motherboard, and found this gem on Asus’s support site:

Memory issue: Beep (1 long 2 short)

  1. Clean the Golden Finger of memory
  2. Clean the memory slots
  3. Leave only one memory stick to test
  4. If convenient, please change different memory to test again

All the directions were to “clean the Golden Finger of” some part.

I knew what they meant despite the excellent translation.  It was no help and I had to install my spare.

“Clean the Golden Finger” though.  Made the morning tolerable.

/usr must be on the root partition now

Saturday, August 17th, 2013

Modern Linux builds apparently require /usr to be on the same partition as /.  They send you to a smug and self-congratulatory web page explaining that it’s because you old farts suck.

My view is that it’s because the authors of udev and systemd are idiots who don’t know what /usr is for and ignored it, leading to unbootable systems.  And then they won’t fix it because they don’t care that some people have been using that configuration for ten years.

Thanks for nothing, twerps.

Oh!  I wonder if that’s what screwed up the upgrade to SuSE 12.2 on my Internet-facing server.  It’s had a separate /usr partition for years, and upgrading to 12.2 screwed it up amazingly. Going back to init.d from systemd let it boot, and it’s still that way. I wonder if moving /usr to / would fix that.