vsftpd ftps error 500 OOPS: priv_sock_get_cmd

This document (7019373) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP1

Situation

vsftpd server that is configured for ftps gives following error:

500 OOPS: priv_sock_get_cmd

Resolution

Uncomment the last line in /etc/vsftpd.conf to have a seccomp_sandbox=NO configuration directive.

# seccomp_sandbox add an aditional security layer limiting the number of a
# syscalls can be performed via vsftpd. However it might happen that a
# whitelist don't allow a legitimate call (usually indirectly triggered by
# third-party library like pam, or openssl) and the process is being killed by kernel.
#
# Therefor if your server dies on common situations (file download, upload),
# uncomment following line and don't forget to open bug at
# https://bugzilla.suse.com
#seccomp_sandbox=NO

Cause

New seccomp security measure that is on by default is blocking openssl kernel syscall.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.