Bug 674450 - rsyslog contains ineffectual unlimited select patch
rsyslog contains ineffectual unlimited select patch
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rsyslog (Show other bugs)
5.6
Unspecified Linux
urgent Severity urgent
: rc
: ---
Assigned To: Tomas Heinrich
BaseOS QE Security Team
: Patch, ZStream
Depends On:
Blocks: 692954
  Show dependency treegraph
 
Reported: 2011-02-01 17:49 EST by Jeff Bastian
Modified: 2012-10-31 05:41 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The previous version of rsyslog contained a patch that was not applied due to a too old version of a component in the build environment. The patch has been altered so that the component is not needed during the build process and thus resolving the issue.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-21 01:08:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
rsyslogd crash (6.15 KB, text/plain)
2011-02-01 17:49 EST, Jeff Bastian
no flags Details
patch to fix configure and config.h.in (6.96 KB, patch)
2011-02-01 18:14 EST, Jeff Bastian
no flags Details | Diff

  None (edit)
Description Jeff Bastian 2011-02-01 17:49:06 EST
Created attachment 476497 [details]
rsyslogd crash

Description of problem:
RHEL 5 rsyslog includes a patch, rsyslog-3.22.1-unlimitedselect.patch, that has no effect on the final build due to the autoconf version in RHEL 5 (it's too old).  As a result, rsyslog can crash with large numbers of clients.

Version-Release number of selected component (if applicable):
rsyslog-3.22.1-3.el5_5.1

How reproducible:
every time

Steps to Reproduce:
0. Set SELinux in Permissive mode or Disabled
     setenforce Permissive
   The policies prevent rsyslogd from increasing the limit on open files;
   this is a separate problem with the policies and I'll open another bz
   for it.
1. Update rsyslog configuration and start it
     vim /etc/sysconfig/rsyslog
         SYSLOGD_OPTIONS="-c3"
     vim /etc/rsyslog.conf
         # Add these lines after '$ModLoad imuxsock' line
         $ModLoad imtcp.so
         $MaxOpenFiles 2100
         $InputTCPMaxSessions 1100
         $InputTCPServerRun 514
     service rsyslog start
2. Download rsyslog-4.6.5 to get the tcpflood test program
     cd /tmp
     wget http://www.rsyslog.com/files/download/rsyslog/rsyslog-4.6.5.tar.gz
     tar xzf rsyslog-4.6.5.tar.gz
     cd rsyslog-4.6.5
     ./configure
     cd tests
     make tcpflood
3. Run tcpflood against the server
     cd /tmp/rsyslog-4.6.5/tests
     ./tcpflood -p514 -c1100 -m1000
  
Actual results:
rsyslogd crashes

Expected results:
rsyslogd handles the load

Additional info:
Traceback from rsyslogd is attached

You can see that the ulimited select patch is ineffective during the rpmbuild:

[rpmbuild@localhost SPECS]$ rpmbuild -bc rsyslog.spec
Executing(%prep): /bin/sh -e /home/rpmbuild/build/tmp/rpm-tmp.81244
...
+ echo 'Patch #0 (rsyslog-3.22.1-unlimitedselect.patch):'
Patch #0 (rsyslog-3.22.1-unlimitedselect.patch):
...
+ aclocal
configure.ac:4: error: Autoconf version 2.61 or higher is required
configure.ac:4: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
aclocal: autom4te failed with exit status: 63
+ exit 0
...
+ ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --sbindir=/sbin --disable-static --enable-mysql --enable-pgsql --enable-gssapi-krb5 --enable-imfile --enable-gnutls --enable-unlimited-select
configure: WARNING: unrecognized options: --enable-unlimited-select
...

[rpmbuild@localhost SPECS]$ cd ../BUILD/rsyslog-3.22.1/
[rpmbuild@localhost rsyslog-3.22.1]$ grep -i unlimited config.h
[rpmbuild@localhost rsyslog-3.22.1]$
Comment 2 Jeff Bastian 2011-02-01 17:58:42 EST
See bug 674452 for the SELinux bug blocking rsyslogd from calling setrlimit
Comment 3 Jeff Bastian 2011-02-01 18:14:26 EST
Created attachment 476500 [details]
patch to fix configure and config.h.in

A patch from Scott Mayhew to fix the configure script and config.h.in file since RHEL-5's autoconf is slightly too old.

Many thanks go to Scott for both finding the root cause of this problem and developing the patch!
Comment 4 Jeff Bastian 2011-02-01 18:19:09 EST
Oops, in the reproducer steps, I forgot to increase the open file limit.  Add a 'ulimit -n 1200' in there:

3. Run tcpflood against the server
     ulimit -n 1200
     cd /tmp/rsyslog-4.6.5/tests
     ./tcpflood -p514 -c1100 -m1000
Comment 15 Tomas Heinrich 2012-01-18 09:29:34 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The previous version of rsyslog contained a patch that was not
applied due to a too old version of a component in the build
environment. The patch has been altered so that the component is not
needed during the build process and thus resolving the issue.
Comment 16 errata-xmlrpc 2012-02-21 01:08:36 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0228.html
Comment 17 Martin Prpic 2012-08-10 09:03:35 EDT
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,4 @@
-The previous version of rsyslog contained a patch that was not
applied due to a too old version of a component in the build
environment. The patch has been altered so that the component is not
needed during the build process and thus resolving the issue.+The previous version of rsyslog contained a patch that was not
+applied due to a too old version of a component in the build
+environment. The patch has been altered so that the component is not
+needed during the build process and thus resolving the issue.

Note You need to log in before you can comment on or make changes to this bug.