Bug 205072 – logrotate is leaking file descriptors.

Bug 205072 - logrotate is leaking file descriptors.

Summary:	logrotate is leaking file descriptors.

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	logrotate (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	medium Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Peter Vrabec
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-09-03 13:44 EDT by Daniel Walsh
Modified:	2007-11-30 17:11 EST (History)
CC List:	0 users

See Also:
Fixed In Version:	logrotate-3.7.4-6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-10-03 05:02:55 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Closes leaky file descriptors (669 bytes, patch) 2006-09-20 10:57 EDT, Daniel Walsh	no flags	Details \| Diff
close fd (285 bytes, patch) 2006-09-25 03:25 EDT, Peter Vrabec	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Daniel Walsh 2006-09-03 13:44:35 EDT

Description of problem:
I am seeing lots of AVC messages like the following 

type=AVC msg=audit(1157304251.270:27): avc:  denied  { read write } for 
pid=4176 comm="accton" name="error" dev=dm-0 ino=6259103
scontext=system_u:system_r:acct_t:s0 tcontext=user_u:object_r:mailman_log_t:s0
tclass=file
type=SYSCALL msg=audit(1157304251.270:27): arch=40000003 syscall=11 success=yes
exit=0 a0=8ecee88 a1=8ecf028 a2=8ecef48 a3=8eced00 items=0 ppid=4156 pid=4176
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="accton" exe="/sbin/accton" subj=system_u:system_r:acct_t:s0
key=(null)

These indicate acct is checking if it has { read write } permission on these
files that were opened by logrotate.  

Please make sure you execute

fcntl(fd, FD_SETFD, FD_CLOEXEC)

To fix the problem

Comment 1 Peter Vrabec 2006-09-04 07:28:04 EDT

I can't reproduce it on clean  FC-6 installation :-(

Comment 2 Daniel Walsh 2006-09-20 10:57:47 EDT

Created attachment 136743 [details]
Closes leaky file descriptors

Comment 3 Peter Vrabec 2006-09-21 10:25:03 EDT

Daniel, I don't why I can't reproduce any of these AVC bugs(205072,205876). :-(

I have looked at your patch and it seems to me there might be cleaner solution.
logrotate.c:909
           if (!debug) {
                fd = createOutputFile(log->files[logNum], O_CREAT | O_RDWR,
                                      &sb);
                if (fd < 0)
                    hasErrors = 1;
+              else
+                  close(fd);
            }

I gonna test it.

Comment 4 Peter Vrabec 2006-09-21 10:40:43 EDT

Is it necessary to use 

fcntl( {inFile,outFile}, F_SETFD, FD_CLOEXEC);

in situation like this:

   if (!fork()) {
        dup2(inFile, 0);
        close(inFile);
        dup2(outFile, 1);
        close(outFile);

        execvp(fullCommand[0], (void *) fullCommand);

Comment 5 Daniel Walsh 2006-09-21 18:49:18 EDT

No because you are explictly meaning to leak them in this case.  The problem
case is when they get leaked unexpectedly.

Comment 6 Peter Vrabec 2006-09-25 03:25:54 EDT

Created attachment 137033 [details]
close fd

I think this patch fix the problem. Daniel, could you confirm it?

Comment 7 Daniel Walsh 2006-09-25 10:54:50 EDT

I am not able to recreate the situation on demand, so apply the patch and I will
watch for additional avc messages.

Comment 8 Peter Vrabec 2006-10-03 05:02:55 EDT

Patch applied in logrotate-3.7.4-6. If problem persist, reopen this bug report.

Note You need to log in before you can comment on or make changes to this bug.