Hello,

As I've written on the ejabberd chatroom, I had the same issue with my
server running Debian Stretch since last Saturday IIRC.

I've just checked my apt logs and Apparmor has been installed
automatically during an upgrade:

> Start-Date: 2017-11-21  07:04:28
> Commandline: apt upgrade
> Upgrade: libxml-libxml-perl:amd64 (2.0128+dfsg-1+b1,
> 2.0128+dfsg-1+deb9u1), procmail:amd64 (3.22-25+b1, 3.22-25+deb9u1)
> End-Date: 2017-11-21  07:05:00
> 
> Start-Date: 2017-11-21  07:58:45
> Install: php-zmq:amd64 (1.1.3-5), libpgm-5.2-0:amd64 (5.2.122~dfsg-2, 
> automatic), libzmq5:amd64 (4.2.1-4, automatic), libsodium18:amd64
> (1.0.11-2, automatic)
> End-Date: 2017-11-21  07:58:59
> 
> Start-Date: 2017-11-24  21:23:57
> Commandline: apt upgrade
> Install: libapparmor-perl:amd64 (2.11.0-3, automatic), apparmor:amd64
> (2.11.0-3, automatic)
> Upgrade: linux-headers-4.13.0-0.bpo.1-amd64:amd64 (4.13.4-2~bpo9+1,
> 4.13.13-1~bpo9+1), gitlab-ce:amd64 (10.1.4-ce.0, 10.2.1-ce.0),
> linux-image-4.13.0-0.bpo.1-amd64:amd64 (4.13.4-2~bpo9+1, 4.13.13-1~bpo9+1),
> linux-kbuild-4.13:amd64 (4.13.4-2~bpo9+1, 4.13.13-1~bpo9+1),
> linux-headers-4.13.0-0.bpo.1-common:amd64 (4.13.4-2~bpo9+1,
> 4.13.13-1~bpo9+1)
> End-Date: 2017-11-24  21:34:08
> 
> Start-Date: 2017-11-26  15:42:37
> Remove: libapparmor-perl:amd64 (2.11.0-3), apparmor:amd64 (2.11.0-3)
> End-Date: 2017-11-26  15:42:50
> 
> Start-Date: 2017-11-30  06:32:27
> Commandline: /usr/bin/unattended-upgrade
> Upgrade: libcurl3:amd64 (7.52.1-5+deb9u2, 7.52.1-5+deb9u3),
> curl:amd64 (7.52.1-5+deb9u2, 7.52.1-5+deb9u3), libcurl3-gnutls:amd64
> (7.52.1-5+deb9u2, 7.52.1-5+deb9u3)
> End-Date: 2017-11-30  06:32:49
> 

In the ejabberd log, for the http_upload server, I have:

> 2017-11-30 17:49:19.971 [error]
> <0.23175.0>@mod_http_upload:process:371 Cannot store file
> /srv/var/ejabberd/http_upload/4a573a53f8a83374e2dbbdcbc8083b7413c34d84/E4ggWg10PReyzn6b9su2DHTxky4khRUefeFhnmU2/a-REOv9LQMSruzWoDoXJ0Q.jpg
> from ::FFFF:213.55.211.109 for adorsaz.ch: "permission denied"

As I've written in the chatroom, it also happened with my TLS
certificates, which I've installed in the /usr/lib/ssl/private/ directory.

See the ejabberd error log:

> 2017-11-25 22:33:07.067 [error]
> <0.279.0>@ejabberd_pkix:mk_cert_state:244 failed to read certificate
> from /usr/lib/ssl/private/adorsaz.ch/chain_with_key.pem: permission
> denied
> 2017-11-25 22:33:20.087 [error]
> <0.479.0>@ejabberd_c2s:process_terminated:291 (tcp|<0.478.0>) Failed
> to secure c2s connection: TLS failed: SSL_CTX_use_certificate_file
> failed: error:0200100D:system library:fopen:Permission denied
> 

For certificates, I've moved them to /etc/ejabberd and it worked well
(I've also tried in /var/lib/ejabberd and it worked).

Looking at what recommended the installation of apparmor:

> 19:33:51 [root@kadabra:/var/log/ejabberd] # aptitude why apparmor
> i   linux-image-amd64                Dépend     linux-image-4.13.0-0.bpo.1-amd64
> i A linux-image-4.13.0-0.bpo.1-amd64 Recommande apparmor

For information, other packages which would recommend/suggest
apparmor:

> 19:34:40 [root@kadabra:/var/log/ejabberd] # apt-cache rdepends --installed apparmor
> apparmor
> Reverse Depends:
>   systemd
>   systemd
>   linux-image-4.13.0-0.bpo.1-amd64
>   ejabberd
>   haveged
>   ejabberd
>   clamav-freshclam
>   clamav-daemon
> 

In my apt log above, you can see I've removed the apparmor package on
26th November, but it didn't resolve the issue. I've seen today, with
aptitude, that the package was in the 'c' state. So I've just purged it
and rebooted my server.

Now it works :-)

Adrien Dorsaz
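
Added example, not part of the original message: a small Python audit of the apt history format quoted above that flags a watched package installed as `automatic` and one that was removed without a later purge. The sample text is two stanzas from the post's log with the mail line wraps undone and the Upgrade list shortened; the function names and the `watch` parameter are assumptions of this example.

```python
import re

# Two stanzas from the apt history quoted in the post (wraps undone, Upgrade shortened).
SAMPLE = """\
Start-Date: 2017-11-24  21:23:57
Commandline: apt upgrade
Install: libapparmor-perl:amd64 (2.11.0-3, automatic), apparmor:amd64 (2.11.0-3, automatic)
Upgrade: linux-image-4.13.0-0.bpo.1-amd64:amd64 (4.13.4-2~bpo9+1, 4.13.13-1~bpo9+1)
End-Date: 2017-11-24  21:34:08

Start-Date: 2017-11-26  15:42:37
Remove: libapparmor-perl:amd64 (2.11.0-3), apparmor:amd64 (2.11.0-3)
End-Date: 2017-11-26  15:42:50
"""

# One list entry looks like "name:arch (version[, version][, automatic])".
PKG = re.compile(r"([^\s,()]+):(\w+) \(([^)]*)\)")

def parse_history(text):
    """Yield one dict (field name -> raw value) per blank-line separated stanza."""
    for stanza in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(": ") for line in stanza.splitlines())
        yield {key: value.strip() for key, sep, value in pairs if sep}

def packages(value):
    """Split an Install/Upgrade/Remove/Purge value into (name, detail) pairs."""
    return [(m.group(1), m.group(3)) for m in PKG.finditer(value or "")]

def audit(text, watch=("apparmor",)):
    """Report watched packages pulled in automatically or removed but never purged."""
    findings, leftover = [], {}
    for tx in parse_history(text):
        when = tx.get("Start-Date", "?")
        for name, detail in packages(tx.get("Install")):
            if name in watch and "automatic" in detail:
                findings.append((when, "auto-installed", name, tx.get("Commandline", "")))
            leftover.pop(name, None)  # reinstalled, so no longer a leftover
        for name, _ in packages(tx.get("Remove")):
            if name in watch:
                leftover[name] = when  # config files stay: the 'c' state from the post
        for name, _ in packages(tx.get("Purge")):
            leftover.pop(name, None)
    findings += [(when, "removed-not-purged", name, "") for name, when in leftover.items()]
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="  ")
```

On a real system the input would be the contents of `/var/log/apt/history.log`; rotated logs need to be decompressed and concatenated first.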
