search

docker-library / httpd

Docker Official Image packaging for Apache HTTP Server
https://httpd.apache.org
Apache License 2.0
309 stars 347 forks source link

Operation not permitted: AH00480: ap_thread_create: unable to create worker thread #238

Closed j3mdamas closed 9 months ago

j3mdamas commented 1 year ago

Hi,

I am using library/httpd mostly for tests.

An older image, from 5 months ago (ID: 6e794a483258) works perfectly:

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jun 27 14:44:13.925575 2023] [mpm_event:notice] [pid 1:tid 47192539970880] AH00489: Apache/2.4.55 (Unix) configured -- resuming normal operations
[Tue Jun 27 14:44:13.938989 2023] [core:notice] [pid 1:tid 47192539970880] AH00094: Command line: 'httpd -D FOREGROUND'
10.0.2.2 - - [27/Jun/2023:14:44:22 +0000] "GET / HTTP/1.1" 200 45
10.0.2.2 - - [27/Jun/2023:14:44:29 +0000] "GET / HTTP/1.1" 200 45

But the latest (ID: ad303d7f80f9) fails with the following:

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jun 27 14:37:58.705484 2023] [mpm_event:notice] [pid 1:tid 46943112378240] AH00489: Apache/2.4.57 (Unix) configured -- resuming normal operations
[Tue Jun 27 14:37:58.707605 2023] [core:notice] [pid 1:tid 46943112378240] AH00094: Command line: 'httpd -D FOREGROUND'
[Tue Jun 27 14:37:58.705804 2023] [mpm_event:alert] [pid 8:tid 46943112378240] (1)Operation not permitted: AH00480: ap_thread_create: unable to create worker thread
[Tue Jun 27 14:37:58.706554 2023] [mpm_event:alert] [pid 10:tid 46943112378240] (1)Operation not permitted: AH00480: ap_thread_create: unable to create worker thread
[Tue Jun 27 14:37:58.706543 2023] [mpm_event:alert] [pid 9:tid 46943112378240] (1)Operation not permitted: AH00480: ap_thread_create: unable to create worker thread
[Tue Jun 27 14:38:00.709721 2023] [mpm_event:alert] [pid 1:tid 46943112378240] AH02324: A resource shortage or other unrecoverable failure was encountered before any child process initialized successfully... httpd is exiting!
nextstage-brasil commented 1 year ago

i have same problem... when use "privileged: true" is running..

i changed FROM httpd:2.4 to FROM httpd:2.4-bullseye

httpd:2.4 was updated to debian 12 ... bookworm

tianon commented 1 year ago

This is going to be a seccomp-related failure -- you'll want to update libseccomp2, Docker, and runc on your host.

You definitely don't want to run this image with privileged. A more reasonable smaller security boundary removal would be --security-opt seccomp=unconfined. A similar temporary workaround would be downgrading to the (now unsupported) -bullseye image variant.

j3mdamas commented 1 year ago

@tianon thanks for the answer, at least I have some extra information on it. My system is legacy system that I cannot update at the moment, which has libseccomp version 2.3.1. I also am running this on rootless containers, if that's relevant. I guess it will be solved when I upgrade my system. For now, I'll use older versions of the container in this system.

ianso-msf commented 1 year ago

Hi everyone,

This caught us too.

Both of the suggestions from @tianon worked as a temporary workaround.