Loolwsd doesn't start after upgrade

beccon4 · March 19, 2021, 12:13pm

After updating my Debian 10 NC 21 server, loolwsd fails to start.

systemd[12833]: loolwsd.service: Failed to set up mount namespacing: Permission denied
Mar 19 11:57:52 nextcloud-lxd systemd[12833]: loolwsd.service: Failed at step NAMESPACE spawning /usr/bin/loolwsd: Permission denied

I tried to change the following setting in /etc/systemd/system/multi-user.target.wants/loolwsd.service:

ProtectSystem = no
ProtectHome=no
PrivateTmp=no

and added to ReadWritePaths /etc and /usr/bin (for testing purposes only, of course)

No avail.

What’s wrong?

Log:
Mar 19 11:57:52 nextcloud-lxd systemd[1]: Started Collabora Online WebSocket Daemon.
Mar 19 11:57:52 nextcloud-lxd systemd[12833]: loolwsd.service: Failed to set up mount namespacing: Permission denied
Mar 19 11:57:52 nextcloud-lxd systemd[12833]: loolwsd.service: Failed at step NAMESPACE spawning /usr/bin/loolwsd: Permission denied
Mar 19 11:57:52 nextcloud-lxd systemd[1]: loolwsd.service: Main process exited, code=exited, status=226/NAMESPACE
Mar 19 11:57:52 nextcloud-lxd systemd[1]: loolwsd.service: Failed with result ‘exit-code’.
Mar 19 11:57:52 nextcloud-lxd systemd[1]: loolwsd.service: Service RestartSec=100ms expired, scheduling restart.
Mar 19 11:57:52 nextcloud-lxd systemd[1]: loolwsd.service: Scheduled restart job, restart counter is at 1.
Mar 19 11:57:52 nextcloud-lxd systemd[1]: Stopped Collabora Online WebSocket Daemon.
Mar 19 11:57:52 nextcloud-lxd systemd[1]: Started Collabora Online WebSocket Daemon.
Mar 19 11:57:52 nextcloud-lxd systemd[12836]: loolwsd.service: Failed to set up mount namespacing: Permission denied
Mar 19 11:57:52 nextcloud-lxd systemd[12836]: loolwsd.service: Failed at step NAMESPACE spawning /usr/bin/loolwsd: Permission denied
Mar 19 11:57:52 nextcloud-lxd systemd[1]: loolwsd.service: Main process exited, code=exited, status=226/NAMESPACE
Mar 19 11:57:52 nextcloud-lxd systemd[1]: loolwsd.service: Failed with result ‘exit-code’.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Service RestartSec=100ms expired, scheduling restart.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Scheduled restart job, restart counter is at 2.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Stopped Collabora Online WebSocket Daemon.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Started Collabora Online WebSocket Daemon.
Mar 19 11:57:53 nextcloud-lxd systemd[12839]: loolwsd.service: Failed to set up mount namespacing: Permission denied
Mar 19 11:57:53 nextcloud-lxd systemd[12839]: loolwsd.service: Failed at step NAMESPACE spawning /usr/bin/loolwsd: Permission denied
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Main process exited, code=exited, status=226/NAMESPACE
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Failed with result ‘exit-code’.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Service RestartSec=100ms expired, scheduling restart.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Scheduled restart job, restart counter is at 3.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Stopped Collabora Online WebSocket Daemon.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Started Collabora Online WebSocket Daemon.
Mar 19 11:57:53 nextcloud-lxd systemd[12842]: loolwsd.service: Failed to set up mount namespacing: Permission denied
Mar 19 11:57:53 nextcloud-lxd systemd[12842]: loolwsd.service: Failed at step NAMESPACE spawning /usr/bin/loolwsd: Permission denied
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Main process exited, code=exited, status=226/NAMESPACE
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Failed with result ‘exit-code’.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Service RestartSec=100ms expired, scheduling restart.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Scheduled restart job, restart counter is at 4.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Stopped Collabora Online WebSocket Daemon.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Started Collabora Online WebSocket Daemon.
Mar 19 11:57:53 nextcloud-lxd systemd[12845]: loolwsd.service: Failed to set up mount namespacing: Permission denied
Mar 19 11:57:53 nextcloud-lxd systemd[12845]: loolwsd.service: Failed at step NAMESPACE spawning /usr/bin/loolwsd: Permission denied
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Main process exited, code=exited, status=226/NAMESPACE
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Failed with result ‘exit-code’.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Service RestartSec=100ms expired, scheduling restart.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Scheduled restart job, restart counter is at 5.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Stopped Collabora Online WebSocket Daemon.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Start request repeated too quickly.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: loolwsd.service: Failed with result ‘exit-code’.
Mar 19 11:57:53 nextcloud-lxd systemd[1]: Failed to start Collabora Online WebSocket Daemo

beccon4 · March 19, 2021, 12:34pm

I solved the issue myself:

in /etc/systemd/system/multi-user.target.wants/loolwsd.service I changed:

ProtectSystem=false
ProtectHome=false
PrivateTmp=false
PrivateNetwork=false
ProtectControlGroups=false

I’m not shure whether I configured the service a bit too permissive …