[Bug 1771805] Re: AD keytab renewal task leaks a file descriptor
Eric Desrochers
eric.desrochers at canonical.com
Fri May 18 12:49:24 UTC 2018
** Also affects: sssd (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: sssd (Ubuntu Xenial)
Assignee: (unassigned) => Victor Tapia (vtapia)
** Changed in: sssd (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: sssd (Ubuntu Xenial)
Status: New => In Progress
** Description changed:
[Impact]
When SSSD tries to renew the machine password, a write_to_child_fd is
open but never closed, leaking a descriptor per request until it hits
the limit and SSSD stops.
[Test Case]
1. With an AD deployed, and having the machine registered, include the
following option in sssd.conf:
# This option should only be used to test the machine account renewal task. The option expect 2 integers seperated by a colon (':'). The first integer defines the interval in
# seconds how often the task is run. The second specifies the inital timeout in seconds before the task is run for the first time after startup.
# Default: 86400:750 (24h and 15m)
ad_machine_account_password_renewal_opts = 5:5
2. Restart the service and monitor the use of descriptors:
root at sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc -l; sleep 60; done
38
50
62
74
86
98
110
122
134
146
158
170
182
194
206
217
229
^C
-
[Other info]
- The bug is reported and fixed upstream: https://pagure.io/SSSD/sssd/issue/3017
- Trusty is not affected (feat not implemented) and A/B/C already include the fix
+ The bug is reported and fixed upstream:
+ https://pagure.io/SSSD/sssd/issue/3017
+
+ Upstream fix commit:
+ https://pagure.io/SSSD/sssd/c/312d211e03b9f3769a0362f1767cc59792e32746
+
+ Trusty is not affected (feat not implemented) and A/B/C already include
+ the fix :
+
+ $ git describe 312d211e03b9f3769a0362f1767cc59792e32746
+ sssd-1_13_4-10-g312d211e0
+
+ $ rmadison sssd
+ ==> sssd | 1.13.4-1ubuntu1.10 | xenial-updates
+ sssd | 1.15.3-2ubuntu1 | artful
+ sssd | 1.16.1-1ubuntu1 | bionic
+ sssd | 1.16.1-1ubuntu1 | cosmic
+ sssd | 1.16.1-1ubuntu3 | cosmic-proposed
** Changed in: sssd (Ubuntu)
Assignee: Victor Tapia (vtapia) => (unassigned)
** Changed in: sssd (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1771805
Title:
AD keytab renewal task leaks a file descriptor
Status in sssd package in Ubuntu:
Fix Released
Status in sssd source package in Xenial:
In Progress
Bug description:
[Impact]
When SSSD tries to renew the machine password, a write_to_child_fd is
open but never closed, leaking a descriptor per request until it hits
the limit and SSSD stops.
[Test Case]
1. With an AD deployed, and having the machine registered, include the
following option in sssd.conf:
# This option should only be used to test the machine account renewal task. The option expect 2 integers seperated by a colon (':'). The first integer defines the interval in
# seconds how often the task is run. The second specifies the inital timeout in seconds before the task is run for the first time after startup.
# Default: 86400:750 (24h and 15m)
ad_machine_account_password_renewal_opts = 5:5
2. Restart the service and monitor the use of descriptors:
root at sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc -l; sleep 60; done
38
50
62
74
86
98
110
122
134
146
158
170
182
194
206
217
229
^C
[Other info]
The bug is reported and fixed upstream:
https://pagure.io/SSSD/sssd/issue/3017
Upstream fix commit:
https://pagure.io/SSSD/sssd/c/312d211e03b9f3769a0362f1767cc59792e32746
Trusty is not affected (feat not implemented) and A/B/C already
include the fix :
$ git describe 312d211e03b9f3769a0362f1767cc59792e32746
sssd-1_13_4-10-g312d211e0
$ rmadison sssd
==> sssd | 1.13.4-1ubuntu1.10 | xenial-updates
sssd | 1.15.3-2ubuntu1 | artful
sssd | 1.16.1-1ubuntu1 | bionic
sssd | 1.16.1-1ubuntu1 | cosmic
sssd | 1.16.1-1ubuntu3 | cosmic-proposed
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1771805/+subscriptions
More information about the Ubuntu-sponsors
mailing list