![redis-server fails to start as a service on Debian 10 due to status=227/NO_NEW_PRIVILEGES [closed]](https://rvso.com/image/178322/%E7%94%B1%E6%96%BC%20status%3D227%2FNO_NEW_PRIVILEGES%20%5B%E5%B7%B2%E9%97%9C%E9%96%89%5D%EF%BC%8Credis-server%20%E5%9C%A8%20Debian%2010%20%E4%B8%8A%E7%84%A1%E6%B3%95%E4%BD%9C%E7%82%BA%E6%9C%8D%E5%8B%99%E5%95%9F%E5%8B%95.png)
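I have a Debian 10 machine on a Digital Ocean Droplet, and I am trying to install Redis and run it as a service, but the service fails to start because of an error related to NoNewPrivileges.

I have already reviewed a similar question here, but what I tried made no difference.

I am having a hard time debugging this. I tried reading this, but I don't understand where the problem is.

Running `systemctl status redis-server.service` gives me the following output: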
```
● redis-server.service - Advanced key-value store
   Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2020-08-09 08:41:06 UTC; 53s ago
     Docs: http://redis.io/documentation,
           man:redis-server(1)
  Process: 9553 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf (code=exited, status=227/NO_NEW_PRIVILEGES)
```
The `/lib/systemd/system/redis-server.service` file looks like this:
```ini
[Unit]
Description=Advanced key-value store
After=network.target
Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]
Type=forking
ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
ExecStop=/bin/kill -s TERM $MAINPID
PIDFile=/run/redis/redis-server.pid
TimeoutStopSec=0
Restart=always
User=redis
Group=redis
RuntimeDirectory=redis
RuntimeDirectoryMode=2755
UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis
ReadWriteDirectories=-/var/log/redis
ReadWriteDirectories=-/var/run/redis
NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
# redis-server can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you replace the following lines with "ProtectSystem=full".
ProtectSystem=true
ReadWriteDirectories=-/etc/redis

[Install]
WantedBy=multi-user.target
Alias=redis.service
```
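
Exit status 227 is systemd's `EXIT_NO_NEW_PRIVILEGES`: it could not apply `NoNewPrivileges=true` before executing the service binary. The C probe below is an added example, not part of the original question; it checks whether the running kernel accepts the underlying `prctl(PR_SET_NO_NEW_PRIVS)` call. The function names `probe_no_new_privs` and `explain`, and the reading of `EPERM`/`EACCES` as a policy denial, are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_NO_NEW_PRIVS      /* values from linux/prctl.h, for old headers */
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* Set no_new_privs in a forked child so the caller's own flag is untouched.
 * Returns 0 if the flag was set and reads back as 1, the child's errno if
 * prctl() failed, 254 if the read-back disagreed, -1 if the probe could not run. */
int probe_no_new_privs(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
            _exit(errno);
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : 254);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Map the probe result to a likely cause (interpretation assumed by this example). */
const char *explain(int rc)
{
    if (rc == 0)
        return "supported: the kernel accepts PR_SET_NO_NEW_PRIVS";
    if (rc == EINVAL)
        return "unsupported: option unknown, kernel predates Linux 3.5";
    if (rc == EPERM || rc == EACCES)
        return "denied: a seccomp or container policy blocks the call";
    return "probe failed for another reason";
}

int main(void)
{
    int rc = probe_no_new_privs();
    printf("PR_SET_NO_NEW_PRIVS: %s (rc=%d)\n", explain(rc), rc);
    return rc == 0 ? 0 : 1;
}
```

If the probe reports anything other than "supported", compare `uname -r` and `systemd-detect-virt` with what the host is expected to run before relaxing any directive in the unit.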