How to Troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS
This document explains common problems that occur on systems that use a jailed shell environment on a Virtuozzo or OpenVZ virtual private server (VPS).
User and mount limits
CentOS 6 and older support a maximum of only 256 jailshell users on a system that uses the Apache mod_ruid2 module. If you encounter this limit, you should consider an upgrade to a newer operating system.
Some customers have reported performance and connection issues when they attempt to mount more than 4000 targets in a Virtuozzo environment. If you encounter this limit and still require a large number of jailshelled users, you should consider a different virtualization platform.
Full /proc mount for jailed shell users
Users on a server may have a full, rather than limited, /proc mount, even though you select a limited /proc option for the Jailed /proc mount method in the System section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This issue allows jailed shell users to view the complete process list on the server.
To verify whether this problem exists on your server, perform the following steps:
- SSH in to the server as a jailed shell user.
- Run the
If the command returns the complete process list for the server, the user has a full
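One way to make this check objective, as an added example that is not cPanel's own tooling: run the script below inside the jailed shell session to list every process visible under /proc that belongs to a UID other than the logged-in user. It assumes that a session with a limited /proc sees only that user's own processes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from cPanel): detect a full /proc mount from inside a
# jailed shell by listing visible processes that belong to other UIDs.
# Assumption: with a limited /proc, only the user's own processes are visible.

# foreign_procs PROC_ROOT UID
# Prints "PID UID NAME" for each numeric entry under PROC_ROOT whose real UID
# (first value on the "Uid:" line of its status file) differs from UID.
foreign_procs() {
    proc_root=$1
    my_uid=$2
    for dir in "$proc_root"/[0-9]*; do
        status=$dir/status
        # A process can exit between the glob and the read; skip it.
        [ -r "$status" ] || continue
        awk -v pid="${dir##*/}" -v me="$my_uid" '
            $1 == "Name:" { name = $2 }
            $1 == "Uid:"  { uid = $2 }
            END { if (uid != "" && uid != me) print pid, uid, name }
        ' "$status" 2>/dev/null || :
    done
}

# count_foreign_procs PROC_ROOT UID
# Prints how many visible processes belong to other UIDs.
count_foreign_procs() {
    foreign_procs "$1" "$2" | wc -l | tr -d ' '
}

# Report for the current session. A non-zero count means the session can see
# processes it does not own, which is what a full /proc mount exposes.
n=$(count_foreign_procs /proc "$(id -u)")
echo "processes owned by other UIDs visible in /proc: $n"
```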
This problem occurs because the clone() system call did not accept the CLONE_NEWPID flag. You must set the sys_admin capability to on for the clone() system call to handle this flag correctly.
sys_admin capability to on on production servers. This setting may result in stability issues, but namespace management requires it. Namespace management in containers can lead to crashed nodes. Therefore, the related functionality is restricted in the kernel to improve stability. cPanel, L.L.C. is not responsible for problems that result from this workaround.
To set the sys_admin capability to on, run the following command:
vzctl set CTID --save --capability sys_admin:on
Unable to set uids error
The system may return the following error when users attempt to access the jailed shell environment:
Unable to set uids
This problem generally occurs due to a conflict with custom hard nproc settings in the /etc/security/limits.conf file. Custom values for these settings may also cause problems with account creation.
To resolve this issue, revert the hard nproc settings to their default values.
MySQL® connection errors
Sites may return MySQL connection errors when you enable the Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell setting in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).
This problem generally occurs due to a restriction of the loop device limit within OpenVZ.
To resolve this issue, perform the following steps to increase the loop device limit:
- In the
max_loop=256 as a kernel parameter.
- Reboot the server.
- Run the following command:
/sbin/MAKEDEV -v /dev/loop
Repeat these steps for the VPS node and VPS container.