Bug 977493 - flocked file descriptor for cron jobs should not be passed to child processes
flocked file descriptor for cron jobs should not be passed to child processes
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Rob Millner
libra bugs
Depends On:
  Show dependency treegraph
Reported: 2013-06-24 13:23 EDT by Andy Grimm
Modified: 2016-11-07 22:47 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-07-22 11:18:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andy Grimm 2013-06-24 13:23:32 EDT
The code that drives cron jobs in gears uses flock to ensure that a cron job isn't run multiple times.  The way it is used, though, an open write-mode file descriptor is passed to child processes.  In one case, I've seen a cron job that starts a service (which is ugly, but that's orthogonal), which then keeps the file locked indefinitely, so the cron job from which the service was launched can never run as long as the service is running and holding the lock.
Comment 1 Jhon Honce 2013-06-24 14:01:37 EDT
Potential fix using &- to close flocked descriptor. E.g.,

( flock -n 9 || exit 1 ; sleep 100 9>&- ) 9>.flock
Comment 2 Rob Millner 2013-06-26 14:28:53 EDT
This class of issue potentially exists in the following scripts/modules:

Comment 3 Rob Millner 2013-06-27 18:29:06 EDT
Added extra protections to the lock file descriptor in various scripts.

Comment 4 openshift-github-bot 2013-06-27 18:50:27 EDT
Commit pushed to master at https://github.com/openshift/origin-server

Bug 977493 - Avoid leaking the lock file descriptor to child processes.
Comment 5 Rob Millner 2013-06-28 14:11:45 EDT
Here's the steps to Q/E:

1. Create an app with cron embedded.
   rhc app create rm1 php-5.3 cron-1.4

2. Create a cron script that will attempt to write to the lock file descriptor.
   cd rm1
   cat > .openshift/cron/minutely/broken <<_EOF_
echo "foo" >&9

   chmod +x .openshift/cron/minutely/broken
   git add .openshift/cron/minutely/broken
   git commit -m 'Add broken crontab'
   git push

3. Wait a few minutes and inspect the logs from cron in the gear.

4. You should see the following in the logs:
   line 1: 9: Bad file descriptor
Comment 6 Meng Bo 2013-07-01 02:16:29 EDT
Checked on devenv_3430, with step in comment#5.

tail the cron log, can get the following lines:

[php1-bmengdev.dev.rhcloud.com log]\> tailf cron.minutely.log 
Mon Jul  1 02:01:06 EDT 2013: START minutely cron run

/var/lib/openshift/35ee7d48e21311e285a322000aa40b62/app-root/runtime/repo//.openshift/cron/minutely/broken: line 1: 9: Bad file descriptor
Mon Jul  1 02:01:07 EDT 2013: END minutely cron run - status=0

Move bug to verified.

Note You need to log in before you can comment on or make changes to this bug.