Bug 803550 – rsyslog fails to initialize gtls driver because of too many open files

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 803550 - rsyslog fails to initialize gtls driver because of too many open files

Summary:	rsyslog fails to initialize gtls driver because of too many open files

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	rsyslog (Show other bugs)
Sub Component:
Version:	6.2
Hardware:	x86_64 Linux

Priority	unspecified Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Tomas Heinrich
QA Contact:	Dalibor Pospíšil
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	805204
	Show dependency tree / graph

Reported:	2012-03-14 21:50 EDT by Josh
Modified:	2012-06-20 02:58 EDT (History)
CC List:	4 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Due to an issue in gnutls library, the gtls module leaked a file descriptor every time it was loaded. After reaching the fd limit, no new files or network connections could be opened. The gtls module was marked not to be unloaded during the lifetime of the process. No file descriptors are being leaked.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-06-20 02:58:54 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0796	normal	SHIPPED_LIVE	Moderate: rsyslog security, bug fix, and enhancement update	2012-06-19 15:29:32 EDT

Groups: None (edit)

Description Josh 2012-03-14 21:50:56 EDT

Description of problem:
when logging to a central log server while using gtls rsyslog fails to initialize after a while because it cannot open any more files

Version-Release number of selected component (if applicable):
4.6.2-12.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. enable gtls on a client
2. log to a central server
3. wait for logs to happen
  
Actual results:
logs are sent to a central server

Expected results:
after a while, logs stop being sent

Additional info:
this could be because of http://bugzilla.adiscon.com/show_bug.cgi?id=222

Comment 2 Tomas Heinrich 2012-03-15 08:36:03 EDT

Can you please try these rpms?
http://theinric.fedorapeople.org/rsyslog-5.8.7-1.el6.x86_64-rpms.2012-03-15.tar.gz

Comment 3 Josh 2012-03-15 08:42:41 EDT

(In reply to comment #2)
> Can you please try these rpms?
> http://theinric.fedorapeople.org/rsyslog-5.8.7-1.el6.x86_64-rpms.2012-03-15.tar.gz

not to be too paranoid, but can you provide the srpm used to build these?

thanks

Comment 4 Tomas Heinrich 2012-03-15 09:37:43 EDT

http://theinric.fedorapeople.org/rsyslog-5.8.7-1.el6.src.rpm

Just the rsyslog-5.8.7 sources built for rhel 6.2.

Comment 5 Josh 2012-03-16 17:12:38 EDT

First tests I'm having some problems with.  I tried upgrading from 4.6.2 directly but rsyslog doesn't seem to start up while in enforcing mode.  Audit reports syslogd_t requesting setsched but has no other denials.  I'll see if I can narrow down the problem.

Comment 6 Josh 2012-03-16 18:12:55 EDT

(In reply to comment #5)
> First tests I'm having some problems with.  I tried upgrading from 4.6.2
> directly but rsyslog doesn't seem to start up while in enforcing mode.  Audit
> reports syslogd_t requesting setsched but has no other denials.  I'll see if I
> can narrow down the problem.

Doing a little bit of searching I found this: https://bugzilla.redhat.com/show_bug.cgi?id=689089

It looks like the setsched SELinux permission was added in Jun 2011 and the sys_nice was added in Jan 2012

Specifically 153cc80f8760a5e05cf1d5245a369e2da485e52a for sys_nice and 47d5c167a87e9e30b42f2f4a0daaaa15d608afa1 for the setsched 

I'll create a module for them and test again.

Comment 7 Josh 2012-03-21 08:41:43 EDT

I've successfully installed rsyslog-5.8.7 and am in the process of testing it.

One thing to note is that if you are spooling messages under rsyslog-4.6.2 and then upgrade to 5.8.7 rsyslog will silently not start up.  There cannot be any messages left to be sent to a central server from the previous rsyslog version.

Comment 8 Tomas Heinrich 2012-03-22 13:30:38 EDT

(In reply to comment #7)
> One thing to note is that if you are spooling messages under rsyslog-4.6.2 and
> then upgrade to 5.8.7 rsyslog will silently not start up.  There cannot be any
> messages left to be sent to a central server from the previous rsyslog version.

That's interesting. According to the changelog the format of the spool files shouldn't have changed since 4.1.0, but there seems to be a change in this commit:
http://git.adiscon.com/?p=rsyslog.git;a=commit;h=4a5a3196fbe4e5a4e9f8dea49f916462adbf3098
I also don't see any mention of this change in the documentation:
http://www.rsyslog.com/doc/v5compatibility.html
In my tests the daemon simply segfaults, so this looks like a bug.

I've also noticed another minor bug related to queues. I'll try to craft a patch, notify upstream and hopefully this will be resolved soon.
Thanks for your testing.

Comment 9 Josh 2012-03-27 16:20:55 EDT

Have not seen the too many open files bug since upgrading to 5.8.7 but it's only been a week.  Will continue to monitor for this error to come back up.

Comment 10 Tomas Heinrich 2012-04-16 16:32:45 EDT

I've opened separate bugs for the additional issues: bug 813079, bug 813084.
I guess the original issue can be considered fixed with the rebase to rsyslog 5.8.10.

Comment 11 Josh 2012-04-16 17:07:07 EDT

After this length I agree that it has been fixed by a rebase.

Comment 12 Josh 2012-04-16 17:09:09 EDT

(In reply to comment #10)
> I've opened separate bugs for the additional issues: bug 813079, bug 813084.
> I guess the original issue can be considered fixed with the rebase to rsyslog
> 5.8.10.

What about the rsyslog needing new SELinux permissions? 

#============= syslogd_t ==============
allow syslogd_t self:capability sys_nice;
allow syslogd_t self:process setsched;


Should that require a new bug?

Comment 13 Tomas Heinrich 2012-04-17 07:48:18 EDT

(In reply to comment #12)
> What about the rsyslog needing new SELinux permissions? 

That should be fixed by now.

> Should that require a new bug?

Probably not necessary.

Comment 18 Tomas Heinrich 2012-05-03 13:28:52 EDT

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Due to an issue in gnutls library, the gtls module leaked a file descriptor every time it was loaded.
After reaching the fd limit, no new files or network connections could be opened.
The gtls module was marked not to be unloaded during the lifetime of the process.
No file descriptors are being leaked.

Comment 21 errata-xmlrpc 2012-06-20 02:58:54 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0796.html

Note You need to log in before you can comment on or make changes to this bug.