delfer / docker-alpine-ftp-server

Small and flexible docker image with vsftpd server

Process quitting on startup on RHEL7 #49

Open BenasB opened 1 year ago

BenasB commented 1 year ago

Hi, I am trying to start the container on RHEL7 using the default

docker run -d \
    -p 21:21 \
    -p 21000-21010:21000-21010 \
    -e USERS="one|1234" \
    -e ADDRESS=ftp.site.domain \
    delfer/alpine-ftp-server

But the container exits instantly and outputs:

Changing password for one
New password:
Bad password: too short
Retype password:
passwd: password for one changed by root
seems like pidfd_open syscall does not work, falling back to polling
failed to watch for direct child exit (pidfd_open error): Operation not permitted
process has died, quitting

I also tried the same on a Windows machine and it works there just fine. Maybe someone has come across this before or has an idea why this might be happening?

egorov commented 1 year ago

On Linux Mint 21 the vsftpd process does not start at all. I used the same command as @BenasB and the container starts. But when I run the ps command in the container, I see there is no vsftpd process running:

/ # ps
PID   USER     TIME  COMMAND
    1 root      0:00 /sbin/tini -- /bin/start_vsftpd.sh
    7 root      0:00 pidproxy /var/run/vsftpd/vsftpd.pid true
   36 root      0:00 sh
   42 root      0:00 ps

If I start vsftpd /etc/vsftpd/vsftpd.conf manually in the container and try to connect to ftp, it does not allow you to download or upload files:

Connected to localhost.
220 Welcome Alpine ftp server https://hub.docker.com/r/delfer/alpine-ftp-server/
Name (local-ftp:se): one
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||34886|)
ftp: Can't connect to `127.0.0.1:34886': В соединении отказано
500 Illegal PORT command.
ftp: Can't bind for data connection: Адрес уже используется
ftp> put www.asus.com.txt
local: www.asus.com.txt remote: www.asus.com.txt
500 Illegal PORT command.

BenasB commented 1 year ago

Does ps show background processes? As I understand, vsftpd runs as a background process and a proxy runs in the foreground just so it does not kill the container (docker exits the container when the entrypoint command exits).

AlexanderHD27 commented 1 year ago

Similar problem: I start the container, the container gives no error messages whatsoever and doesn't exit. But I can't connect and the vsftp process doesn't seem to exist. And no logs are generated. I have seen this problem with multiple docker-images. Could this be a problem with vsftpd? Maybe the vsftpd container died silently in the background?

anne-mrl commented 10 months ago

Hi everyone, similar problem on RHEL8, except that the error messages are a bit different and the container is still alive:

Changing password for one
New password:
Retype password:
passwd: password for one changed by root
pidfd_open syscall is not supported, falling back to polling
failed to watch for direct child exit (pidfd_open error): Function not implemented
got signal 15
process has died, quitting
deluser: can't find one in /etc/group

delfer commented 10 months ago

Hello! Which version of Docker do you use? It can be an issue for versions older than 20.10.0 https://github.com/moby/moby/pull/41665
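
Added example, not part of the thread or of the project's code: the two logs above fail with different errno values, "Operation not permitted" (EPERM) on RHEL7 and "Function not implemented" (ENOSYS) on RHEL8. This C probe calls pidfd_open directly and reports which case applies; the function names and the fallback syscall number 434 are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434 /* assumed fallback: x86_64, aarch64 and most others */
#endif

enum pidfd_status { PIDFD_OK, PIDFD_DENIED, PIDFD_UNSUPPORTED, PIDFD_OTHER };

/* Map the errno from pidfd_open to the two failure modes seen in the logs. */
enum pidfd_status classify_pidfd_errno(int err)
{
    switch (err) {
    case 0:      return PIDFD_OK;
    case EPERM:  return PIDFD_DENIED;      /* "Operation not permitted" */
    case ENOSYS: return PIDFD_UNSUPPORTED; /* "Function not implemented" */
    default:     return PIDFD_OTHER;
    }
}

/* Try to open a pidfd for our own process; returns 0 or the errno. */
int probe_pidfd_open(void)
{
    long fd = syscall(SYS_pidfd_open, getpid(), 0);
    if (fd < 0)
        return errno;
    close((int)fd);
    return 0;
}

/* Human-readable hint for each status; wording is this example's own. */
const char *pidfd_status_hint(enum pidfd_status s)
{
    static const char *const hint[] = {
        "pidfd_open works",
        "denied by a filter or policy, e.g. the container's seccomp profile",
        "not implemented: kernel older than 5.3, or a filter answering ENOSYS",
        "unexpected error",
    };
    return hint[s];
}

int main(void)
{
    int err = probe_pidfd_open();
    printf("pidfd_open: %s\n", pidfd_status_hint(classify_pidfd_errno(err)));
    return err ? 1 : 0;
}
```

Running the probe once on the host and once inside the container shows whether the failure comes from the host kernel or from the container's syscall filtering.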

anne-mrl commented 10 months ago

Thanks for your quick reply!

I'm using a newer version, please find here Docker details:

Client: Docker Engine - Community
 Version:           24.0.4
 API version:       1.43
 Go version:        go1.20.5
 Git commit:        3713ee1
 Built:             Fri Jul  7 14:52:00 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.4
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.5
  Git commit:       4ffc614
  Built:            Fri Jul  7 14:51:01 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

EDIT: I used docker image on Ubuntu 22.04.2 LTS and it works fine

anne-mrl commented 10 months ago

Hi, we tried again on Ubuntu 22.04.2: everything works well BUT the container logs are similar to the logs of the container running on RHEL8. I don't understand what's happening: no log about the pidfd_open syscall, but the user can't be found in /etc/group. When I type pstree in both containers' shells (running on RHEL8 and Ubuntu), vsftpd appears.

Logs of container running on Ubuntu:

Changing password for one
New password: 
Retype password: 
passwd: password for one changed by root
got signal 15
monitored pid 29 exited, quitting
deluser: can't find one in /etc/group

EDIT: I took a look this morning with a colleague, and it seems that the error found in the container's logs about the user not being found in /etc/group is due to vsftpd using virtual users. So there is no link with the docker image running well on Ubuntu and not working on RHEL.

delfer commented 10 months ago

@anne-mrl do you have selinux enabled on Centos? Can you try to disable it?

sestatus
sudo setenforce 0
# Open the /etc/selinux/config file and set the SELINUX mode to disabled
sudo shutdown -r now
sestatus

anne-mrl commented 10 months ago

> @anne-mrl do you have selinux enabled on Centos? Can you try to disable it?
>
> sestatus
> sudo setenforce 0
> # Open the /etc/selinux/config file and set the SELINUX mode to disabled
> sudo shutdown -r now
> sestatus

I forgot to write it, but we also tried this last week. Same result: it doesn't work.

anne-mrl commented 9 months ago

Hi @delfer,

Good news, we solved this issue by disabling the RHEL internal firewall:

systemctl stop firewalld

The company uses a lot of external firewalls so there is no rule for the RHEL internal firewall. As we are actually running in a new sandbox environment, the firewall was activated.

However, firewalld should stay enabled:

systemctl enable firewalld

When we did systemctl disable firewalld, the following error occurs:

ftp: Can't connect to 'XXX.XXX.XXX.XXX:XXX:XXX': No route to XXX