Some clarifications:

We are not alone; some projects have had a similar problem:
http://bugs.bitlbee.org/bitlbee/ticket/785
And the problem is really coming from NSS initialization. There is a
discussion of the issue here: http://osdir.com/ml/mozilla.crypto/2002-08/msg00016.html

There is a workaround for using NSS with fork, but it is more a matter of
setting a flag to share some resources (primarily sockets), and the NSS
library must still be (re)initialized in all children.

AFAIK, the reason we initialize the NSS library before becoming user and
forking is to be able to access and read certificates and keys which are
readable only by root and should not be readable in userland. The behavior is
this way because it was the behavior used with OpenSSL. Modifying this
behavior implies modifying the key/certificate storage and access-rights policy.

Emilien


2015-03-20 15:12 GMT+01:00 Emilien Kia <kiae....@gmail.com>:

> Hello all,
>
> After a really quick look, I think it is probably a problem of NSS
> initialization (key loading...).
> As the problem occurs only when upsd is forked and as NSS is initialized (
> https://github.com/networkupstools/nut/blob/master/server/upsd.c#L1008) before
> upsd daemonizes (
> https://github.com/networkupstools/nut/blob/master/server/upsd.c#L1035),
> I suspect NSS is not fork-safe.
>
> I intend to look more deeply.
>
> Best regards,
>
> Emilien
>
>
> 2015-03-13 13:30 GMT+01:00 Charles Lepple <clep...@gmail.com>:
>
>> On Mar 12, 2015, at 11:55 PM, Melkor Lord <melkor.l...@gmail.com> wrote:
>>
>> >
>> > On Mon, Mar 2, 2015 at 2:39 AM, Charles Lepple <clep...@gmail.com> wrote:
>> >
>> > > I thought start-stop-daemon was involved because it closes stdin/stdout
>> > > file descriptors after exec()'ing the daemon. I tried "--no-close" option
>> > > to no avail. After that, I validated the init script working fine with
>> > > UPSD_OPTIONS="-D" in /etc/nut/nut.conf.
>> >
>> > Not strictly the same as closing the file descriptors, but I tried the
>> > following:
>> >
>> >   /sbin/upsd -D >/dev/null 2>&1 < /dev/null
>> >
>> > And it still worked. So I need to recompile with debugging symbols -
>> > the Ubuntu packages did not have them.
>> >
>> > Sorry to bug you again with this issue but is there any improvement on the matter?
>>
>> No, not yet.
>>
>> Recompiling with debugging symbols did not reveal anything new. We have
>> reached out to the engineer who wrote the NSS code for NUT.
>>
>> --
>> Charles Lepple
>> clepple@gmail
>>
>>
>>
>>
>> _______________________________________________
>> Nut-upsuser mailing list
>> Nut-upsuser@lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser
>>
>
>
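
A toy model of the failure discussed in this thread, added here as an example and not taken from NUT or NSS: `toy_lib_init` and `toy_lib_handshake` are hypothetical stand-ins for a library whose state is only valid in the process that initialized it. It shows why initializing before the daemonizing fork fails in the child, while (re)initializing in the child works.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy stand-in for a crypto library that is not fork-safe (hypothetical,
 * not the NSS API): it remembers which process initialized it and refuses
 * to work in any other process. */
static pid_t lib_owner = 0;

static void toy_lib_init(void) { lib_owner = getpid(); }
static int toy_lib_handshake(void) { return lib_owner == getpid() ? 0 : -1; }

/* Fork a child the way a daemonizing server does, optionally re-initialize
 * the library there, and report the child's handshake result:
 * 1 = succeeded, 0 = failed, -1 = fork/wait error. */
static int handshake_in_child(int reinit_in_child)
{
    int status = 0;
    pid_t pid;

    toy_lib_init();                 /* parent-side init, before fork */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (reinit_in_child)
            toy_lib_init();         /* per-child (re)initialization */
        _exit(toy_lib_handshake() == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}

int main(void)
{
    printf("init before fork only:   %s\n",
           handshake_in_child(0) ? "ok" : "fails");
    printf("re-init in forked child: %s\n",
           handshake_in_child(1) ? "ok" : "fails");
    return 0;
}
```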