Flooded logs: sem_get(): Failed for key 0x7ea: Permission denied at /var/www/html/nextcloud/lib/private/Preview/Generator.php#272 #44578

Open
fuzunspm opened this issue Jul 14, 2023 · 11 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 27-feedback bug feature: previews and thumbnails needs info


@fuzunspm

I'm getting the below error even after removing preview generator

sem_get(): Failed for key 0x7ea: Permission denied at /var/www/html/nextcloud/lib/private/Preview/Generator.php#272

@rwez

rwez commented Sep 14, 2023

+1

@joshtrichards
Member

This isn't coming from the previewgenerator app (though it may be getting triggered by it I guess).

This is a Nextcloud Server matter, but I have no idea offhand why you'd be getting permission denied from sem_get.

Are you still seeing this? If so, please share the output of occ config:list system since it is related to the preview concurrency mode/configuration.

I'll also go ahead and move this over to the appropriate repository.

@joshtrichards joshtrichards transferred this issue from nextcloud/previewgenerator Mar 29, 2024
@joshtrichards joshtrichards added bug 0. Needs triage Pending check for reproducibility or if it fits our roadmap feature: previews and thumbnails 27-feedback labels Mar 29, 2024
@joshtrichards joshtrichards changed the title Flooded logs Flooded logs: sem_get(): Failed for key 0x7ea: Permission denied at /var/www/html/nextcloud/lib/private/Preview/Generator.php#272 Mar 29, 2024
@nextcloud-command

This comment was marked as outdated.

@nextcloud-command nextcloud-command added the stale Ticket or PR with no recent activity label Apr 29, 2024
@Nicosss

Nicosss commented Apr 30, 2024

Problem is still present −> sem_get(): Failed for key 0x7ea: Permission denied at /var/www/nextcloud/lib/private/Preview/Generator.php#230

occ config:list system output:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.***REMOVED***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.0.19",
        "overwrite.cli.url": "https:\/\/cloud.***REMOVED***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "dbindex": 0,
            "password": "***REMOVED SENSITIVE VALUE***",
            "timeout": 1.5
        },
        "default_phone_region": "FR",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "tls",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "maintenance_window_start": 1,
        "theme": "",
        "loglevel": 2,
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "app_install_overwrite": [
            "quicknotes"
        ]
    }
}

@nextcloud-command nextcloud-command removed stale Ticket or PR with no recent activity needs info labels May 1, 2024
@Remendado

Remendado commented May 1, 2024

> Problem is still present −> sem_get(): Failed for key 0x7ea: Permission denied at /var/www/nextcloud/lib/private/Preview/Generator.php#230

Same problem

@joshtrichards
Member

Best guess:

  • SELinux
  • Something OS specific (e.g. you're running under FreeBSD or maybe WSL)

@HeyHagen

HeyHagen commented May 2, 2024

> I'm getting the below error even after removing preview generator
>
> sem_get(): Failed for key 0x7ea: Permission denied at /var/www/html/nextcloud/lib/private/Preview/Generator.php#272

I have the same problem running nextcloud 28.0.5 on FreeBSD 13.3

@Nicosss

Nicosss commented May 2, 2024

> Best guess:
>
> * SELinux
> * Something OS specific (e.g. you're running under FreeBSD or maybe WSL)

I found a SELinux AVC in the system logs. This problem appeared with the update from NC 28.0.4.1 to 29.0.0.19. For information, the OS is Fedora Linux. I'll report this bug to https://bugzilla.redhat.com/.

SELinux is preventing php-fpm from 'unix_read, unix_write' accesses on the semaphore Inconnu.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that php-fpm should be allowed unix_read unix_write access on the Inconnu sem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
# semodule -X 300 -i my-phpfpm.pp


Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:system_r:unconfined_service_t:s0
Target Objects                Inconnu [ sem ]
Source                        php-fpm
Source Path                   php-fpm
Port                          <Unknown>
Host                          REMOVED
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-39.5-1.fc39.noarch
Local Policy RPM              selinux-policy-targeted-39.5-1.fc39.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     REMOVED
Platform                      Linux REMOVED 6.8.7-200.fc39.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Wed Apr 17 19:35:11 UTC 2024
                              x86_64
Alert Count                   231
First Seen                    2024-04-24 19:47:49 CEST
Last Seen                     2024-05-02 21:06:07 CEST
Local ID                      cc0e7076-dbd4-4d2c-ae9d-008cf2c7eca7

Raw Audit Messages
type=AVC msg=audit(1714676767.794:12803): avc:  denied  { unix_read unix_write } for  pid=356188 comm="php-fpm" ipc_key=2026  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0


Hash: php-fpm,httpd_t,unconfined_service_t,sem,unix_read,unix_write
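
Added example (not part of the thread or of Nextcloud's code): the `ipc_key=2026` in the AVC record above is the decimal form of the `0x7ea` key in the PHP error, so both logs describe the same semaphore. The Python sketch below correlates the two and reports the calling domain and the domain the semaphore is labelled with; the function names are illustrative.

```python
import re

# Sample lines copied from this thread; the second AVC record is constructed noise.
PHP_LOG = ["sem_get(): Failed for key 0x7ea: Permission denied at "
           "/var/www/nextcloud/lib/private/Preview/Generator.php#230"]
AUDIT_LOG = [
    'type=AVC msg=audit(1714676767.794:12803): avc:  denied  { unix_read unix_write } '
    'for  pid=356188 comm="php-fpm" ipc_key=2026  scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0',
    'type=AVC msg=audit(1714676800.100:12900): avc:  denied  { read } for  pid=1 '
    'comm="demo" name="x" scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0',
]

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SEM_RE = re.compile(r"sem_get\(\): Failed for key (0x[0-9a-fA-F]+): Permission denied")

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    return rec

def selinux_type(context):
    """Third field of user:role:type:level (the level may itself contain colons)."""
    return context.split(":")[2]

def correlate(php_lines, audit_lines):
    """Match each failed sem_get() key (hex) to sem denials with the same ipc_key (decimal)."""
    keys = {int(m.group(1), 16) for l in php_lines if (m := SEM_RE.search(l))}
    hits = []
    for rec in filter(None, map(parse_avc, audit_lines)):
        if rec.get("tclass") == "sem" and int(rec.get("ipc_key", -1)) in keys:
            hits.append({
                "key": hex(int(rec["ipc_key"])),
                "caller": selinux_type(rec["scontext"]),
                # An IPC object takes the label of the process that created it.
                "creator": selinux_type(rec["tcontext"]),
                "perms": rec["perms"],
                "enforced": rec["permissive"] == "0",
            })
    return hits

if __name__ == "__main__":
    print(correlate(PHP_LOG, AUDIT_LOG))
```

A `creator` of `unconfined_service_t` means the semaphore was first created by a process outside `httpd_t`; the thread does not establish which one.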

@sam-harry

> I have the same problem running nextcloud 28.0.5 on FreeBSD 13.3

In a FreeBSD jail, you have to set sysvsem = new; in your jail.conf so that "the jail will have its own key namespace, and can only see the objects that it has created" from the jail(8) man page.

@Nicosss

Nicosss commented May 4, 2024

> I found a SELinux AVC in the system logs. This problem appeared with the update from NC 28.0.4.1 to 29.0.0.19.

To be sure, I checked that I had applied all the first recommendations from https://docs.nextcloud.com/server/latest/admin_manual/installation/selinux_configuration.html and it was all good.

I just redid restorecon -Rv '/var/www/html/nextcloud/' pointing to my own installation and after updating a kernel I rebooted. Since then, I haven't had this error, nor the SELinux AVC mentioned.

I'll keep checking to see if it appears again.

@HeyHagen

HeyHagen commented May 5, 2024

> > I have the same problem running nextcloud 28.0.5 on FreeBSD 13.3
>
> In a FreeBSD jail, you have to set sysvsem = new; in your jail.conf so that "the jail will have its own key namespace, and can only see the objects that it has created" from the jail(8) man page.

Thank you! It seems that the error is no longer present after activating sysvsem=new for my nextcloud jail.
