vsftpd: 500 OOPS: prctl PR_SET_SECCOMP failed

The message indicates that the prctl(PR_SET_SECCOMP, ...) call failed.

ret = prctl(PR_SET_SECCOMP, 2, &prog, 0, 0);
if (ret != 0)
{
  die("prctl PR_SET_SECCOMP failed");
}

It can happen when your kernel does not have the CONFIG_SECCOMP_FILTER enabled. But that can hardly change while you "work on website".

Quote from prctl man page:

PR_SET_SECCOMP (since Linux 2.6.23)

Set the secure computing (seccomp) mode for the calling thread, to limit the available system calls. The seccomp mode is selected via arg2. (The seccomp constants are defined in <linux/seccomp.h>

...

With arg2 set to SECCOMP_MODE_FILTER (since Linux 3.5) the system calls allowed are defined by a pointer to a Berkeley Packet Filter passed in arg3. This argument is a pointer to struct sock_fprog; it can be designed to filter arbitrary system calls and system call arguments. This mode is available only if the kernel is configured with CONFIG_SECCOMP_FILTER enabled.


As a poor workaround, you can configure vsftpd not to enable the the seccomp mode.

Use the seccomp_sandbox=no option in the vsftpd.conf.

The option does not seem to be documented.

Tags:

Ftp

Ubuntu

Vsftpd