Bug 205072 - logrotate is leaking file descriptors.
logrotate is leaking file descriptors.
Product: Fedora
Classification: Fedora
Component: logrotate (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Peter Vrabec
Depends On:
  Show dependency treegraph
Reported: 2006-09-03 13:44 EDT by Daniel Walsh
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: logrotate-3.7.4-6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-10-03 05:02:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Closes leaky file descriptors (669 bytes, patch)
2006-09-20 10:57 EDT, Daniel Walsh
no flags Details | Diff
close fd (285 bytes, patch)
2006-09-25 03:25 EDT, Peter Vrabec
no flags Details | Diff

  None (edit)
Description Daniel Walsh 2006-09-03 13:44:35 EDT
Description of problem:
I am seeing lots of AVC messages like the following 

type=AVC msg=audit(1157304251.270:27): avc:  denied  { read write } for 
pid=4176 comm="accton" name="error" dev=dm-0 ino=6259103
scontext=system_u:system_r:acct_t:s0 tcontext=user_u:object_r:mailman_log_t:s0
type=SYSCALL msg=audit(1157304251.270:27): arch=40000003 syscall=11 success=yes
exit=0 a0=8ecee88 a1=8ecf028 a2=8ecef48 a3=8eced00 items=0 ppid=4156 pid=4176
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="accton" exe="/sbin/accton" subj=system_u:system_r:acct_t:s0

These indicate acct is checking if it has { read write } permission on these
files that were opened by logrotate.  

Please make sure you execute


To fix the problem
Comment 1 Peter Vrabec 2006-09-04 07:28:04 EDT
I can't reproduce it on clean  FC-6 installation :-(

Comment 2 Daniel Walsh 2006-09-20 10:57:47 EDT
Created attachment 136743 [details]
Closes leaky file descriptors
Comment 3 Peter Vrabec 2006-09-21 10:25:03 EDT
Daniel, I don't why I can't reproduce any of these AVC bugs(205072,205876). :-(

I have looked at your patch and it seems to me there might be cleaner solution.
           if (!debug) {
                fd = createOutputFile(log->files[logNum], O_CREAT | O_RDWR,
                if (fd < 0)
                    hasErrors = 1;
+              else
+                  close(fd);

I gonna test it.
Comment 4 Peter Vrabec 2006-09-21 10:40:43 EDT
Is it necessary to use 

fcntl( {inFile,outFile}, F_SETFD, FD_CLOEXEC);

in situation like this:

   if (!fork()) {
        dup2(inFile, 0);
        dup2(outFile, 1);

        execvp(fullCommand[0], (void *) fullCommand);
Comment 5 Daniel Walsh 2006-09-21 18:49:18 EDT
No because you are explictly meaning to leak them in this case.  The problem
case is when they get leaked unexpectedly.
Comment 6 Peter Vrabec 2006-09-25 03:25:54 EDT
Created attachment 137033 [details]
close fd

I think this patch fix the problem. Daniel, could you confirm it?
Comment 7 Daniel Walsh 2006-09-25 10:54:50 EDT
I am not able to recreate the situation on demand, so apply the patch and I will
watch for additional avc messages.
Comment 8 Peter Vrabec 2006-10-03 05:02:55 EDT
Patch applied in logrotate-3.7.4-6. If problem persist, reopen this bug report.

Note You need to log in before you can comment on or make changes to this bug.