Error mounting jail dir

Error mounting jail dir

Pius Onobhayedo-mit -
Antal besvarelser: 6
I have installed VPL Jail System 3.0.1 and never managed to get it to start. When I run systemctl status vpl-jail-system.service the feedback indicates Error mounting jail dir as shown below:

"

vpl-jail-system.service - VPL Jail System Service

     Loaded: loaded (/etc/systemd/system/vpl-jail-system.service; enabled; vendor preset: enabled)

     Active: failed (Result: exit-code) since Tue 2023-09-12 15:14:57 UTC; 14s ago

       Docs: https://github.com/jcrodriguez-dis/vpl-xmlrpc-jail

             https://vpl.dis.ulpgc.es

    Process: 4586 ExecStart=/usr/sbin/vpl/vpl-jail-system start (code=exited, status=1/FAILURE)

    Process: 4654 ExecStopPost=/usr/sbin/vpl/vpl-jail-system stop (code=exited, status=0/SUCCESS)

"


I have tried it on both CentOS and ubuntu and I get the same error.

What could be the problem?
Gennemsnitsbedømmelse: -
I svar til Pius Onobhayedo

Re: Error mounting jail dir

Pius Onobhayedo-mit -
Additional info: The log file /var/log/vpl-jail-service.log shows 

"
mount: /var/vpl-jail-system: cannot mount /var/vpl-jail-system.fs read-only.
mount: /jail: WARNING: device write-protected, mounted read-only.
...
umount: /jail/run/lock: block devices are not permitted on filesystem.


I am using Proxmox provisioned virtual instances.
Gennemsnitsbedømmelse: -
I svar til Pius Onobhayedo

Re: Error mounting jail dir

Juan Carlos Rodríguez-del-Pino-mit -
Particularly helpful Moodlers-ip assinga Plugin developers-ip assinga
It seems that the issue is related to the file system type and permissions. Proxmox might be provisioning virtual instances with a file system or storage configuration that is restricting the required mount operations for the VPL-jail system.

As a potential solution:
1. Ensure that the virtual disk provided by Proxmox to your instances allows read/write operations.
2. Consider choosing a different storage type or configuration in Proxmox that supports the required mount operations for the VPL-jail system.
3. Ensure that any security or permission configurations in Proxmox are not inhibiting the operations of the VPL-jail system.

I hope this helps in resolving the issue.

Kind regards,
Juan Carlos.
Gennemsnitsbedømmelse: -
I svar til Juan Carlos Rodríguez-del-Pino

Re: Error mounting jail dir

Pius Onobhayedo-mit -
Thanks for the feedback.

I have crosschecked with mount -v on terminal and I can see the statement:  

tmpfs on /var/vpl-jail-system type tmpfs (rw,relatime,size=39527224k,uid=100000,gid=100000) 

which suggests a read-write mount.

Despite the reported rw mount, it appears that VPL-system is getting or acting on a wrong feedback. I even tried to write to the directory manually with touch /var/vpl-jail-system test.txt and the file was successfully created. Still cannot figure out the incompatibility with the environment that is making the VPL-system see a write-protected mount.
Gennemsnitsbedømmelse: -
I svar til Pius Onobhayedo

Re: Error mounting jail dir

Juan Carlos Rodríguez-del-Pino-mit -
Particularly helpful Moodlers-ip assinga Plugin developers-ip assinga
Dear Pius,

In order to conduct a more thorough investigation into the issue you're encountering with the VPL Jail System, I would require some additional details. This would greatly assist in pinpointing potential misconfigurations or compatibility issues:

Operating System Version: Could you kindly provide the exact version of the operating systems you've tried (both CentOS and Ubuntu)? This will help ascertain if there are any known compatibility issues with those specific versions.

VPL Jail System Configuration: Please share the configuration settings of the VPL Jail System. If there are any sensitive or private details in the configuration, you may omit them or replace them with placeholders. Ensure that you provide details related to file system mounts, permissions, and any other settings that might be relevant to this issue.

Service Details: It would also be beneficial to know how the VPL Jail System service is being started. Is it being initiated automatically upon boot, or are you starting it manually? Additionally, please provide any service override configurations, if they exist.

Recent Changes: Were there any recent updates or changes made to the system prior to the appearance of this issue? Sometimes, even unrelated changes might have unforeseen consequences.

Once I have this information, I'll be in a better position to further diagnose the problem and offer potential solutions.

Best regards,
Juan Carlos.
Gennemsnitsbedømmelse: -
I svar til Juan Carlos Rodríguez-del-Pino

Re: Error mounting jail dir

Pius Onobhayedo-mit -
Here you are ...
1. Operating System versions: Ubuntu 20.04 LTS and CentOS Linux release 7.9.2009
2. VPL Jail System Configuration: [Here I am using default values as shown below]
# CONFIGURATION FILE OF vpl-jail-system
#
# Format VAR=VALUE #no space before and after "="
# To apply changes you must restart the service using
# "systemctl restart vpl-jail-system" or "service vpl-jail-system restart"


#JAILPATH set the jail path


JAILPATH=/jail

#MIN_PRISONER_UGID set start first user id for prisoners

MIN_PRISONER_UGID=10000


#MAX_PRISONER_UGID set the last user id for prisoners

MAX_PRISONER_UGID=12000



#MAXTIME set the maximum time for a request in seconds


MAXTIME=1800


#Maximum file size in bytes


#MAXFILESIZE=64000000


#Maximum memory size in bytes


#MAXMEMORY=2000000


#Maximum number of process


#MAXPROCESSES=500


#Path to control directory. the system save here information of request in progress


#CONTROLPATH="/var/vpl-jail-system"

#Limit the servers from we accept a request


#IP or net (type A, B and C) separate with spaces

#Format IP: full dot notation. Example: 128.122.11.22


#Format net: dot notation ending with dot. Example: 10.1.

#TASK_ONLY_FROM=10.10.3.



#To serve only to one interface of your system


#INTERFACE=128.1.1.1


#Socket port number to listen for connections (http: and wssmile


#default 80. 0 removes

#PORT=80



#Socket port number to listen for secure connections (https: and wsssmile


#default 443

#SECURE_PORT=443



#URL path for task request


#act as a password, if no matches with the path of the request then it's rejected

URLPATH=/



#FIREWALL=0|1|2|3|4


#0: No firewall

#1: VPL service+DNS+internet access


#2: VPL service+DNS+Limit Internet to port 80 (super user unlimited)

#3: VPL service+No external access (super user unlimited)


#4: VPL service+No external access

#Note: In level 4 stop vpl-jail-system service to update/upgrade the system


#Note: Don not use in CentOS

#default level 0


FIREWALL=0


#ENVPATH is environment PATH var set when running tasks


#IMPORTANT: If you are using RedHat or derived OSes you must set this parameter to the

#PATH environment variable of common users (not root) example


#ENVPATH=/usr/bin:/bin


#LOGLEVEL is the log level of the program


#From 0 to 8. 0 minimum log to 8 maximum log and don't removes prisoners home dir.

#IMPORTANT: Do not use high loglevel in production servers, you will get pour performance


#default level 3


#FAIL2BAN is a numeric parameter to ban IPs based on the number of failed requests


# 0: disable banning

# The banning criteria is the number of fail > 20 * FAIL2BAN and more failed requests that successful requests.


# The fail counter are reset every five minutes. The banning last five minutes.

#default 0


#FAIL2BAN=0


#USETMPFS This switch allows the use of the tmpfs for "/home" and the "/dev/shm" directories


#Changes this switch to "false" can degrade the performance of the jail system .

#To deactivate set USETMPFS=false


#USETMPFS=true

#HOMESIZE The limits of modifications of the "duplicate" directory the default value is 30% of the system memory


# or 2Gb if USETMPFS=false

#HOMESIZE=30%


#HOMESIZE=2G

#SHMSIZE The size of the "/dev/shm" directory he default value is 30% of the system memory


#This option is applicable if using tmpfs file system for the "/dev/shm" directory

#SHMSIZE=30%



#ALLOWSUID This switch allows the execution of programs with a suid bit inside the jail.


#This may be a security threat, use at your own risk. To activate set ALLOWSUID=true

#ALLOWSUID=false



#SSL_CIPHER_LIST This parameters specifies ciphering optiosn for SSL.


#In case of wanting to have Forward Secrecy the option must be: ECDHE

#SSL_CIPHER_LIST=



#SSL_CIPHER_SUITES This parameters configure the available TLSv1.3 ciphersuites.


#The parameter is a colon (":") separated TLSv1.3 ciphersuite names in order of preference.

#SSL_CIPHER_SUITES=



#HSTS_MAX_AGE HTTP Strict-Transport-Security. Set max-age of the Strict-Transport-Security header.


#Must be a nonnegative number. Must be combined with PORT=0. Default none.

#HSTS_MAX_AGE=31536000



#SSL_CERT_FILE Indicates the path to the server's certificate


# If your Certification Authority is not a root authority

# you may need to add the chain of certificates of the intermediate CAs to this file.


#SSL_CERT_FILE=/etc/vpl/cert.pem.


#SSL_KEY_FILE Indicates the path to the server's private key

#SSL_KEY_FILE=/etc/vpl/key.pem

3. Service Details. Service attempts to start automatically but fails. I did not modify the script. The service also fails to start when I manually run systemctl start vpl-jail-system.service.

4. Recent Changes: No recent changes. Fresh install.

Gennemsnitsbedømmelse: -
I svar til Pius Onobhayedo

Re: Error mounting jail dir

Pius Onobhayedo-mit -
I have tried it in another server environment and the service started up as expected. I am still curious though to know why the other Proxmox environment was problematic
Gennemsnitsbedømmelse: -