Bug 674450

Summary: rsyslog contains ineffectual unlimited select patch
Product: Red Hat Enterprise Linux 5 Reporter: Jeff Bastian <jbastian>
Component: rsyslogAssignee: Tomas Heinrich <theinric>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5.6CC: ebenes, jrieden, jwest, ksrot, pvrabec, theinric
Target Milestone: rcKeywords: Patch, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The previous version of rsyslog contained a patch that was not applied due to a too old version of a component in the build environment. The patch has been altered so that the component is not needed during the build process and thus resolving the issue.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-21 06:08:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 692954    
Attachments:
Description Flags
rsyslogd crash
none
patch to fix configure and config.h.in none

Description Jeff Bastian 2011-02-01 22:49:06 UTC 
Created attachment 476497 [details]
rsyslogd crash

Description of problem:
RHEL 5 rsyslog includes a patch, rsyslog-3.22.1-unlimitedselect.patch, that has no effect on the final build due to the autoconf version in RHEL 5 (it's too old).  As a result, rsyslog can crash with large numbers of clients.

Version-Release number of selected component (if applicable):
rsyslog-3.22.1-3.el5_5.1

How reproducible:
every time

Steps to Reproduce:
0. Set SELinux in Permissive mode or Disabled
     setenforce Permissive
   The policies prevent rsyslogd from increasing the limit on open files;
   this is a separate problem with the policies and I'll open another bz
   for it.
1. Update rsyslog configuration and start it
     vim /etc/sysconfig/rsyslog
         SYSLOGD_OPTIONS="-c3"
     vim /etc/rsyslog.conf
         # Add these lines after '$ModLoad imuxsock' line
         $ModLoad imtcp.so
         $MaxOpenFiles 2100
         $InputTCPMaxSessions 1100
         $InputTCPServerRun 514
     service rsyslog start
2. Download rsyslog-4.6.5 to get the tcpflood test program
     cd /tmp
     wget http://www.rsyslog.com/files/download/rsyslog/rsyslog-4.6.5.tar.gz
     tar xzf rsyslog-4.6.5.tar.gz
     cd rsyslog-4.6.5
     ./configure
     cd tests
     make tcpflood
3. Run tcpflood against the server
     cd /tmp/rsyslog-4.6.5/tests
     ./tcpflood -p514 -c1100 -m1000
  
Actual results:
rsyslogd crashes

Expected results:
rsyslogd handles the load

Additional info:
Traceback from rsyslogd is attached

You can see that the ulimited select patch is ineffective during the rpmbuild:

[rpmbuild@localhost SPECS]$ rpmbuild -bc rsyslog.spec
Executing(%prep): /bin/sh -e /home/rpmbuild/build/tmp/rpm-tmp.81244
...
+ echo 'Patch #0 (rsyslog-3.22.1-unlimitedselect.patch):'
Patch #0 (rsyslog-3.22.1-unlimitedselect.patch):
...
+ aclocal
configure.ac:4: error: Autoconf version 2.61 or higher is required
configure.ac:4: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
aclocal: autom4te failed with exit status: 63
+ exit 0
...
+ ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --sbindir=/sbin --disable-static --enable-mysql --enable-pgsql --enable-gssapi-krb5 --enable-imfile --enable-gnutls --enable-unlimited-select
configure: WARNING: unrecognized options: --enable-unlimited-select
...

[rpmbuild@localhost SPECS]$ cd ../BUILD/rsyslog-3.22.1/
[rpmbuild@localhost rsyslog-3.22.1]$ grep -i unlimited config.h
[rpmbuild@localhost rsyslog-3.22.1]$
Comment 2 Jeff Bastian 2011-02-01 22:58:42 UTC 
See bug 674452 for the SELinux bug blocking rsyslogd from calling setrlimit
Comment 3 Jeff Bastian 2011-02-01 23:14:26 UTC 
Created attachment 476500 [details]
patch to fix configure and config.h.in

A patch from Scott Mayhew to fix the configure script and config.h.in file since RHEL-5's autoconf is slightly too old.

Many thanks go to Scott for both finding the root cause of this problem and developing the patch!
Comment 4 Jeff Bastian 2011-02-01 23:19:09 UTC 
Oops, in the reproducer steps, I forgot to increase the open file limit.  Add a 'ulimit -n 1200' in there:

3. Run tcpflood against the server
     ulimit -n 1200
     cd /tmp/rsyslog-4.6.5/tests
     ./tcpflood -p514 -c1100 -m1000
Comment 15 Tomas Heinrich 2012-01-18 14:29:34 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The previous version of rsyslog contained a patch that was not
applied due to a too old version of a component in the build
environment. The patch has been altered so that the component is not
needed during the build process and thus resolving the issue.
Comment 16 errata-xmlrpc 2012-02-21 06:08:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0228.html
Comment 17 Martin Prpič 2012-08-10 13:03:35 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,4 @@
-The previous version of rsyslog contained a patch that was not
applied due to a too old version of a component in the build
environment. The patch has been altered so that the component is not
needed during the build process and thus resolving the issue.+The previous version of rsyslog contained a patch that was not
+applied due to a too old version of a component in the build
+environment. The patch has been altered so that the component is not
+needed during the build process and thus resolving the issue.