Bug 461943 - leaked file descriptors
Status: CLOSED DUPLICATE of bug 461954
Product: Red Hat Cluster Suite
Classification: Red Hat
Component: ccs
Version: 4
Hardware: All Linux
Priority: medium, Severity: low
Assigned To: Jonathan Earl Brassow
QA Contact: Cluster QE
Reported: 2008-09-11 11:27 EDT by Tim Wilkinson
Modified: 2010-01-27 13:17 EST
Doc Type: Bug Fix
Last Closed: 2010-01-27 13:17:40 EST
Description Tim Wilkinson 2008-09-11 11:27:02 EDT
Description of problem:

The following selinux flagged events are indicative of leaked file descriptors.

  allow httpd_t initrc_t:unix_stream_socket { read write };
  allow ifconfig_t initrc_t:unix_stream_socket { read write };
  allow netutils_t initrc_t:unix_stream_socket { read write };
  allow ping_t initrc_t:unix_stream_socket { read write };
  allow rdisc_t initrc_t:unix_stream_socket { read write };

I am unsure as to which daemon is starting these apps but it is leaking a file descriptor. After a debug effort with Dan Walsh's assistance, the file descriptor to /var/run/cluster/ccsd.sock is under suspicion.


How reproducible:

Consistent


Steps to Reproduce:

This is reproducible on a 2-node cluster serving web pages with firewall and selinux enforcing.
Comment 1 Tim Wilkinson 2008-09-11 11:32:23 EDT
2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:15 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

As I understand it, the following is all that is necessary to prevent the leak ...

   fcntl(fd, F_SETFD, FD_CLOEXEC)

... but I will defer to Dan for the details as to why.
Comment 2 Tim Wilkinson 2008-09-22 11:20:14 EDT
Whatever is starting ifconfig_t, netutils_t, ping_t, and rdisc_t is leaking a file descriptor.

   allow DOMAIN initrc_t:unix_stream_socket { read write };

Check whatever domain is running as initrc_t and make sure all its
descriptors are closed on exec.

   fcntl(fd, F_SETFD, FD_CLOEXEC)
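
The fcntl() call recommended in the comments above, expanded into a small descriptor audit (added example, not part of the original bug report or the cluster code): it sets FD_CLOEXEC without clobbering other descriptor flags, counts the descriptors a child would inherit across exec, and marks them all close-on-exec. The function names and the socketpair() standing in for the ccsd.sock connection are assumptions for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set FD_CLOEXEC while preserving any other descriptor flags. 0 on success. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;               /* fd is not open */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* 1 = fd would be inherited across exec, 0 = close-on-exec set, -1 = not open. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Count descriptors in [3, max_fd) that a child process would inherit. */
int count_inheritable(int max_fd)
{
    int n = 0;
    for (int fd = 3; fd < max_fd; fd++)
        if (survives_exec(fd) == 1)
            n++;
    return n;
}

/* Mark every open descriptor in [3, max_fd) close-on-exec; returns how many changed. */
int cloexec_all(int max_fd)
{
    int changed = 0;
    for (int fd = 3; fd < max_fd; fd++)
        if (survives_exec(fd) == 1 && set_cloexec(fd) == 0)
            changed++;
    return changed;
}

int main(void)
{
    int sv[2];   /* constructed stand-in for a daemon's UNIX stream socket */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return 1;
    int before = count_inheritable(256), fixed = cloexec_all(256);
    printf("inheritable=%d fixed=%d remaining=%d\n", before, fixed, count_inheritable(256));
    close(sv[0]); close(sv[1]);
    return 0;
}
```

Descriptors 0 to 2 are skipped on purpose, since children are normally expected to inherit stdin, stdout and stderr.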
Comment 3 Daniel Walsh 2008-10-29 09:08:08 EDT
ps -eZ | grep initrc_t

What processes are running as initrc_t?
Comment 4 Tim Wilkinson 2008-10-29 10:03:24 EDT
root@et-virt09:~
> ps -eZ | grep initrc_t
system_u:system_r:initrc_t       7216 ?        00:00:00 groupd
system_u:system_r:initrc_t       7224 ?        00:00:00 fenced
system_u:system_r:initrc_t       7230 ?        00:00:00 dlm_controld
system_u:system_r:initrc_t       7236 ?        00:00:00 gfs_controld
system_u:system_r:initrc_t       7331 ?        00:01:58 qdiskd
system_u:system_r:initrc_t       7811 ?        00:00:00 libvirtd
system_u:system_r:initrc_t       7823 ?        00:00:00 rhnsd
system_u:system_r:initrc_t       7875 ?        00:00:44 dnsmasq
system_u:system_r:initrc_t       8095 ?        00:00:00 clurgmgrd
system_u:system_r:initrc_t       8096 ?        00:00:35 clurgmgrd
Comment 5 Daniel Walsh 2008-10-29 12:13:26 EDT
So the most likely culprit is clurgmgrd.
Comment 6 Lon Hohberger 2010-01-27 13:17:40 EST

*** This bug has been marked as a duplicate of bug 461954 ***
