ISPconfig3.2.1 /var/log/ispconfig/cron.log is flooded with messages (14G!!)

Discussion in 'Developers' Forum' started by skylite, Dec 8, 2020.

  1. skylite

    skylite New Member

    After I upgraded to ISPConfig 3.2.1 my /var/log/ispconfig/cron.log file started flooding the following messages:

    Code:
    ...
    Tue Dec 8 11:23:45 CET 2020 PHP  47. unlink() /usr/local/ispconfig/server/lib/classes/system.inc.php:1025
    Tue Dec 8 11:23:45 CET 2020 PHP Warning:  unlink(/var/www/clients/client1/web4/sys/block/dm-0/bdi/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/
    subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/11:0/subsystem/253:5/subsystem/7:7/subsystem/7:5/subsystem/253:9/subsyste
    m/253:6/subsystem): Operation not permitted in /usr/local/ispconfig/server/lib/classes/system.inc.php on line 1025
    Tue Dec 8 11:23:45 CET 2020 PHP Stack trace:
    Tue Dec 8 11:23:45 CET 2020 PHP   1. {main}() /usr/local/ispconfig/server/cron.php:0
    Tue Dec 8 11:23:45 CET 2020 PHP   2. cronjob_jailkit_maintenance->run() /usr/local/ispconfig/server/cron.php:116
    Tue Dec 8 11:23:45 CET 2020 PHP   3. cronjob_jailkit_maintenance->onRunJob() /usr/local/ispconfig/server/lib/classes/cronjob.inc.php:87
    Tue Dec 8 11:23:45 CET 2020 PHP   4. system->update_jailkit_chroot() /usr/local/ispconfig/server/lib/classes/cron.d/600-jailkit_maintenance.inc.php:116
    Tue Dec 8 11:23:45 CET 2020 PHP   5. system->remove_broken_symlinks() /usr/local/ispconfig/server/lib/classes/system.inc.php:2640
    Tue Dec 8 11:23:45 CET 2020 PHP   6. system->remove_broken_symlinks() /usr/local/ispconfig/server/lib/classes/system.inc.php:1022
    Tue Dec 8 11:23:45 CET 2020 PHP   7. system->remove_broken_symlinks() /usr/local/ispconfig/server/lib/classes/system.inc.php:1022
    Tue Dec 8 11:23:45 CET 2020 PHP   8. system->remove_broken_symlinks() /usr/local/ispconfig/server/lib/classes/system.inc.php:1022
    ...
    As you can see I have to use sys inside the jailkit of some websites in order for the jailkit users to be able to use node, npm and other cli tools.
    After I unmounted /var/www/clients/client1/web4/sys and all the other mounts like this for other websites, the cron was able to finish.
    However this is not ideal as the jailkit users need these mountpoints in their jail.
     
  2. nhybgtvfr

    nhybgtvfr Active Member

    you shouldn't need any symlinks to sys for nodejs or npm, or any cli tools that i'm aware of.

    you can just install nodejs, npm, composer, wp-cli etc on the server normally, just as you would any other package.
    and then add them as sections to your jk_init.ini file.
    then add them as Jailkit chroot app sections in system->server config->server->jailkit or in sites->websites->'sitename'->options

    if you search on this site, the jailkit config for them has been posted in a couple of different threads.
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    node/npm is also included in jk_init.ini in nightly builds (so will be in 3.2.2).

    To stop the messages being printed right now, try putting an ampersand on the unlink() call on line 1025 (ie.: @unlink ("$path/$object"); ).

    As to the overall scenario, it will need a bit more thought/research. Possibly sys should not be listed as a jailkit_dir (as proc is not listed), or maybe those should both be considered specially (if it is a mount point, don't process, if a normal directory, do ?).
     
  4. skylite

    skylite New Member

    Thanks. Putting it this way I can't even remember why I needed /sys to be mounted inside the jails. Everything seems to be working fine without it. I unmounted it from every jail permanently.
    I still need the following mount points inside the jail. Will any of these cause any problems?
    /proc
    /dev/pts (for tmux)
    /var/run/mysqld
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I don't know of any problems in the jailkit cleanup with those. /proc isn't handled at all, and /dev/pts is just a directory with character devices and bind mounting (I assume, for the socket) the /var/run/mysqld dir shouldn't cause a problem for maintenance (possibly for removing the jail).

    As for any other type of problem, adding /proc certainly has security implications.
     
  6. skylite

    skylite New Member

    Thanks for the help!
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

Share This Page