Bug 205072 - logrotate is leaking file descriptors.
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: logrotate
Version: rawhide
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Peter Vrabec
Reported: 2006-09-03 17:44 UTC by Daniel Walsh
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: logrotate-3.7.4-6
Last Closed: 2006-10-03 09:02:55 UTC


Attachments
Closes leaky file descriptors (669 bytes, patch)
2006-09-20 14:57 UTC, Daniel Walsh
close fd (285 bytes, patch)
2006-09-25 07:25 UTC, Peter Vrabec

Description Daniel Walsh 2006-09-03 17:44:35 UTC
Description of problem:
I am seeing lots of AVC messages like the following 

type=AVC msg=audit(1157304251.270:27): avc:  denied  { read write } for 
pid=4176 comm="accton" name="error" dev=dm-0 ino=6259103
scontext=system_u:system_r:acct_t:s0 tcontext=user_u:object_r:mailman_log_t:s0
tclass=file
type=SYSCALL msg=audit(1157304251.270:27): arch=40000003 syscall=11 success=yes
exit=0 a0=8ecee88 a1=8ecf028 a2=8ecef48 a3=8eced00 items=0 ppid=4156 pid=4176
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="accton" exe="/sbin/accton" subj=system_u:system_r:acct_t:s0
key=(null)

These indicate acct is checking if it has { read write } permission on these
files that were opened by logrotate.  

Please make sure you execute

fcntl(fd, F_SETFD, FD_CLOEXEC)

to fix the problem.

Comment 1 Peter Vrabec 2006-09-04 11:28:04 UTC
I can't reproduce it on a clean FC-6 installation :-(



Comment 2 Daniel Walsh 2006-09-20 14:57:47 UTC
Created attachment 136743
Closes leaky file descriptors

Comment 3 Peter Vrabec 2006-09-21 14:25:03 UTC
Daniel, I don't know why I can't reproduce any of these AVC bugs (205072, 205876). :-(

I have looked at your patch and it seems to me there might be a cleaner solution.
logrotate.c:909
           if (!debug) {
                fd = createOutputFile(log->files[logNum], O_CREAT | O_RDWR,
                                      &sb);
                if (fd < 0)
                    hasErrors = 1;
+              else
+                  close(fd);
            }
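
Review bot: the added else branch closes fd straight after createOutputFile() returns it, with nothing saying why. If the call is only there to create the new log file, a one-line comment to that effect above the close(fd) would keep a later reader from treating the close as a mistake. The return value of close(fd) is also ignored; consider setting hasErrors = 1 when it fails, as the fd < 0 branch already does.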

I'm going to test it.


Comment 4 Peter Vrabec 2006-09-21 14:40:43 UTC
Is it necessary to use 

fcntl( {inFile,outFile}, F_SETFD, FD_CLOEXEC);

in a situation like this:

   if (!fork()) {
        dup2(inFile, 0);
        close(inFile);
        dup2(outFile, 1);
        close(outFile);

        execvp(fullCommand[0], (void *) fullCommand);


Comment 5 Daniel Walsh 2006-09-21 22:49:18 UTC
No, because you are explicitly meaning to leak them in this case.  The problem
case is when they get leaked unexpectedly.
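
The descriptor behaviour discussed in comments 4 and 5, as an added example that is not part of the bug report or of logrotate's code: a descriptor is inherited across exec unless FD_CLOEXEC is set, and a dup2() copy always starts with the flag clear, which is why descriptors deliberately placed on 0 and 1 still reach the child. The function names, the use of /dev/null as a stand-in for a log file, descriptor 9 and the /bin/sh probe are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if fd is still open in a program exec'd by a child, 0 if closed, -1 on
 * error. Assumes /bin/sh; fd must be 0-9 (some sh take one digit after >&). */
int survives_exec(int fd)
{
    char cmd[64];
    int status;
    if (fd < 0 || fd > 9)
        return -1;
    /* The redirection fails in the exec'd shell if descriptor fd is closed. */
    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; true >&%d", fd);
    pid_t pid = fork();
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                        /* exec itself failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)
        || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Set FD_CLOEXEC on fd, preserving its other descriptor flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* 1 if FD_CLOEXEC is set on fd, 0 if clear, -1 on error. */
int has_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

int main(void)
{
    int fd = open("/dev/null", O_RDWR);  /* constructed stand-in for a log file */
    printf("no flag:    inherited=%d\n", survives_exec(fd));
    set_cloexec(fd);
    printf("FD_CLOEXEC: inherited=%d\n", survives_exec(fd));
    dup2(fd, 9);                         /* the copy starts with FD_CLOEXEC clear */
    printf("dup2 copy:  cloexec=%d inherited=%d\n", has_cloexec(9), survives_exec(9));
    return 0;
}
```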

Comment 6 Peter Vrabec 2006-09-25 07:25:54 UTC
Created attachment 137033
close fd

I think this patch fixes the problem. Daniel, could you confirm it?

Comment 7 Daniel Walsh 2006-09-25 14:54:50 UTC
I am not able to recreate the situation on demand, so apply the patch and I will
watch for additional avc messages.

Comment 8 Peter Vrabec 2006-10-03 09:02:55 UTC
Patch applied in logrotate-3.7.4-6. If the problem persists, reopen this bug report.


