Package: apache2 Version: 2.4.38-2 Severity: normal If apache is not running when apache2ctl graceful is run, it starts the daemon up itself: root@darkstar:~>systemctl stop apache2 root@darkstar:~>apache2ctl graceful httpd not running, trying to start Problem is, that results in an apache daemon running in a cgroup other than the usual systemd cgroup for apache. That prevents systemctl from being used to manage apache. In particular, both systemctl start apache2 and systemctl restart apache2 then silently do nothing and exit 0. Seems this could happen in a race, if something runs apache2ctl graceful just as apache is being upgraded or otherwise restarted, it might see no apache process running and so start its own process up. I keep encountering this problem on a server intermittently. It has resulted for me in apache not loading new letsencrypt certs for long enough that certs have expired, at least twice. I don't entirely understand why, since certbot seems to itself use apache2ctl graceful to reload apache certs. IMHO, apache2ctl should not be starting the daemon itself when systemd is in use; it ought to start it via systemctl or service. And indeed, apache2ctl start already does do that, but the fix for #839227 missed that apache2ctl graceful can also start apache. -- Package-specific info: -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_USER, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.38-2 ii apache2-data 2.4.38-2 ii apache2-utils 2.4.38-2 ii dpkg 1.19.6 ii lsb-base 10.2019031300 ii mime-support 3.62 ii perl 5.28.1-6 ii procps 2:3.3.15-2 Versions of packages apache2 recommends: ii ssl-cert 1.0.39 Versions of packages apache2 suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> ii chromium [www-browser] 73.0.3683.75-1 ii firefox [www-browser] 66.0.1-1 ii sugar-browse-activity [www-browser] 203-1 ii w3m [www-browser] 0.5.3-37 Versions of packages apache2-bin depends on: ii libapr1 1.6.5-1+b1 ii libaprutil1 1.6.1-3+b2 ii libaprutil1-dbd-sqlite3 1.6.1-3+b2 ii libaprutil1-ldap 1.6.1-3+b2 ii libbrotli1 1.0.7-2 ii libc6 2.28-8 ii libcurl4 7.64.0-2 ii libjansson4 2.12-1 ii libldap-2.4-2 2.4.47+dfsg-3 ii liblua5.2-0 5.2.4-1.1+b2 ii libnghttp2-14 1.37.0-1 ii libpcre3 2:8.39-12 ii libssl1.1 1.1.1b-1 ii libxml2 2.9.4+dfsg1-7+b3 ii perl 5.28.1-6 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> ii chromium [www-browser] 73.0.3683.75-1 ii firefox [www-browser] 66.0.1-1 ii sugar-browse-activity [www-browser] 203-1 ii w3m [www-browser] 0.5.3-37 Versions of packages apache2 is related to: ii apache2 2.4.38-2 ii apache2-bin 2.4.38-2 -- Configuration Files: /etc/apache2/mods-available/userdir.conf changed [not included] -- no debconf information -- see shy jo
Attachment:
signature.asc
Description: PGP signature