linuxtomcatserverdebiansystemctl

Tomcat9 Failed at step NAMESPACE

My OS is Debian 10 (Buster), 4.19 kernel, and Tomcat9 seems to be unstable.

I don't want to see any error messages when I run the 'systemctl status tomcat9.service' command.

but, 'systemctl status tomcat9.service' command is print an error message.

● tomcat9.service - Apache Tomcat 9 Web Application Server
   Loaded: loaded (/lib/systemd/system/tomcat9.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2020-03-03 21:02:15 KST; 12min ago
     Docs: https://tomcat.apache.org/tomcat-9.0-doc/index.html
  Process: 25999 ExecStartPre=/usr/libexec/tomcat9/tomcat-update-policy.sh (code=exited, status=226/NAMESPACE)

Mar 03 21:02:15 doonas.com systemd[1]: Starting Apache Tomcat 9 Web Application Server...
Mar 03 21:02:15 doonas.com systemd[25999]: tomcat9.service: Failed to set up mount namespacing: No such file or directory
Mar 03 21:02:15 doonas.com systemd[25999]: tomcat9.service: Failed at step NAMESPACE spawning /usr/libexec/tomcat9/tomcat-update-policy.sh
Mar 03 21:02:15 doonas.com systemd[1]: tomcat9.service: Control process exited, code=exited, status=226/NAMESPACE
Mar 03 21:02:15 doonas.com systemd[1]: tomcat9.service: Failed with result 'exit-code'.
Mar 03 21:02:15 doonas.com systemd[1]: Failed to start Apache Tomcat 9 Web Application Server.

However, despite the error message, I have confirmed that the webpage is working properly.

I don't know why this is happening.

I tried to solve the problem.

  1. shutdown.sh, startup.sh have been activated.

but, it still doesn't work.

root@doonas:/usr/share/tomcat9/bin# bash shutdown.sh
Using CATALINA_BASE:   /usr/share/tomcat9
Using CATALINA_HOME:   /usr/share/tomcat9
Using CATALINA_TMPDIR: /usr/share/tomcat9/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/share/tomcat9/bin/bootstrap.jar:/usr/share/tomcat9/bin/tomcat-juli.jar
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jav                                                                                     a.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Mar 03, 2020 9:14:13 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: No shutdown port configured. Shut down server through OS signal. Server not shut down.
root@doonas:/usr/share/tomcat9/bin# bash startup.sh
Using CATALINA_BASE:   /usr/share/tomcat9
Using CATALINA_HOME:   /usr/share/tomcat9
Using CATALINA_TMPDIR: /usr/share/tomcat9/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/share/tomcat9/bin/bootstrap.jar:/usr/share/tomcat9/bin/tomcat-juli.jar
Tomcat started.
  1. I modified the symbolic link by referring to the this link.

He said "Tomcat is sandboxed by systemd and only has write access to the following directories"

but, it still doesn't work.

root@doonas:/var/lib/tomcat9# ls -l
total 12
drwxr-xr-x 2 root   root   4096 Mar  3 21:00 conf
drwxr-xr-x 2 tomcat tomcat 4096 Jun 14  2019 lib
lrwxrwxrwx 1 root   root     16 Mar  3 20:48 logs -> /var/log/tomcat9
drwxr-xr-x 2 root   root   4096 Feb 18 13:31 policy
lrwxrwxrwx 1 root   root     19 Mar  3 20:48 work -> /var/cache/tomcat9/
root@doonas:/var/lib/tomcat9# ls -l conf/Catalina
lrwxrwxrwx 1 root root 21 Mar  3 21:00 conf/Catalina -> /etc/tomcat9/Catalina

Here's my Tomcat9 information.

CATALINA_BASE is /usr/share/tomcat9.

root@doonas:/usr/share/tomcat9# ls -l
total 24
drwxr-xr-x 2 root root 4096 Feb 17 10:37 bin
lrwxrwxrwx 1 root root   13 Mar  3 21:14 conf -> /etc/tomcat9/
-rw-r--r-- 1 root root 1017 Jun  3  2019 default.template
drwxr-xr-x 2 root root 4096 Feb 17 10:37 etc
drwxr-xr-x 2 root root 4096 Feb 17 10:37 lib
-rw-r--r-- 1 root root  133 Apr  1  2019 logrotate.template
lrwxrwxrwx 1 root root   21 Mar  3 21:10 logs -> /var/lib/tomcat9/logs
lrwxrwxrwx 1 root root   23 Mar  3 21:10 policy -> /var/lib/tomcat9/policy
drwxr-xr-x 5 root root 4096 Feb 17 10:37 skel
lrwxrwxrwx 1 root root   21 Mar  3 21:10 work -> /var/lib/tomcat9/work
root@doonas:/usr/share/tomcat9# ls -l /etc/tomcat9/
total 208
drwxrwxr-x 3 root tomcat   4096 Feb 18 13:26 Catalina
-rw-r----- 1 root tomcat   7483 Feb  4  2019 catalina.properties
-rw-r----- 1 root tomcat   1400 Jul  5  2017 context.xml
-rw-r----- 1 root tomcat   1149 Nov 21  2017 jaspic-providers.xml
-rw-r----- 1 root tomcat   2799 Jun 14  2019 logging.properties
drwxr-xr-x 2 root tomcat   4096 Feb 17 10:37 policy.d
-rw-r----- 1 root tomcat   7638 Feb 18 13:08 server.xml
-rw-r----- 1 root tomcat   2286 Feb 18 10:49 tomcat-users.xml
-rw-r----- 1 root tomcat 170202 Nov 18  2017 web.xml
root@doonas:/usr/share/tomcat9# ls -l /var/lib/tomcat9/
total 12
drwxr-xr-x 2 root   root   4096 Mar  3 21:00 conf
drwxr-xr-x 2 tomcat tomcat 4096 Jun 14  2019 lib
lrwxrwxrwx 1 root   root     16 Mar  3 20:48 logs -> /var/log/tomcat9
drwxr-xr-x 2 root   root   4096 Feb 18 13:31 policy
lrwxrwxrwx 1 root   root     19 Mar  3 20:48 work -> /var/cache/tomcat9/
root@doonas:/usr/share/tomcat9# ls -l /etc/tomcat9/
Catalina/             context.xml           logging.properties    server.xml            web.xml
catalina.properties   jaspic-providers.xml  policy.d/             tomcat-users.xml
Solution

  • I had the same issue with Tomcat in an LXC container. Per Alex's answer, I verified that all ReadWritePaths existed, but it still didn't help.

    For some reason, enabling nesting in LXC helped (source).

    If you are using Proxmox, you can enable it like this:

    pct set <id> -features nesting=1