On 2019-04-15 23:26:02, tho...@fiasko-nw.net wrote:
> Hi Antoine,
>
>
> On Mon, 15 Apr 2019, Antoine Beaupre wrote:
>
>> Package: needrestart
>> Version: 2.11-3+deb9u1
>
> I wonder which Debian release is in use. The system information section
> looks like testing but needrestart 2.11 is from stretch.

Sorry, I didn't file the bug report from the affected machine. :/ I hope
that's alright, I can re-extract the rest of the data as required if
that's needed.

>> The recent libssh2 upgrade wasn't correctly flagged by needrestart:
>> some processes were marked as needing a restart, but others, specifically
>> those running under the ruby interpreter, were not. Here's what our
>> homegrown system has detected for those:
>>
>> root@gitlab-01:/etc/nagios/nrpe.d# /usr/lib/nagios/plugins/dsa-check-libs
>> --verbose 2>&1 | grep -a -v /log/
>> Running /usr/bin/lsof -F0 -n
> [snip]
>> Needrestart finds nothing of the sort:
>
> Using lsof alone does not tell if the library is mapped executable
> (read access on deleted files is ignored by needrestart intentionally). Can
> you please check if those files are mapped executable in /proc/$PID/maps?

Unfortunately, the box has since then been rebooted.

>> root@gitlab-01:/etc/nagios/nrpe.d# needrestart -v
>> [main] eval /etc/needrestart/needrestart.conf
>> [main] needrestart v3.3
>> [main] running in root mode
>> [Core] Using UI 'NeedRestart::UI::stdio'...
>> [main] systemd detected
>> [Core] #843 is a NeedRestart::Interp::Python
>> [Python] #843: source=/usr/bin/fail2ban-server
>> [Core] #882 is a NeedRestart::Interp::Ruby
>> [Ruby] #882:
>> source=/srv/dip.torproject.org/home/gitlab/vendor/bundle/ruby/2.3.0/bin/mail_room
>> [main] #883 uses deleted /usr/lib/x86_64-linux-gnu/libssh2.so.1.0.1
>> [main] #883 is a child of #745
>> [Core] #31644 is a NeedRestart::Interp::Ruby
>> [Ruby] #31644: source file '' not found, skipping
>> [Ruby] #31644: reduced ARGV:
>> [Core] #31669 is a NeedRestart::Interp::Ruby
>> [Ruby] #31669: source file '' not found, skipping
>> [Ruby] #31669: reduced ARGV:
>> [Core] #31671 is a NeedRestart::Interp::Ruby
>> [Ruby] #31671: source file '' not found, skipping
>> [Ruby] #31671: reduced ARGV:
>> [Core] #31675 is a NeedRestart::Interp::Ruby
>> [Ruby] #31675: source file '' not found, skipping
>> [Ruby] #31675: reduced ARGV:
>> [Core] #31677 is a NeedRestart::Interp::Ruby
>> [Ruby] #31677: source file '' not found, skipping
>> [Ruby] #31677: reduced ARGV:
>> [main] #745 exe => /lib/systemd/systemd
>> [main] #745 part of user manager service: uid=1504
>
> This looks OK for me. The PID 883 uses an old libssh2 but belongs to a user
> session of uid 1504. The ruby instances seem not to have libssh2 mapped
> executable - so they are not reported.

Interesting. In which circumstance could a process have a library loaded
but not mapped executable? That seems like a paradox.

>> It also seems to fail to find the source code for those files... The
>> "homegrown" tool is actually the one used by DSA to check for upgrades
>> through nagios:
>
> Needrestart tries to get the source file from the cmdline which may fail
> and break the interpreter heuristic which looks for outdated source files.
> The library detection is done before and not affected by the missing
> source files.

Understood.

Anyways, dsa-check-libs doesn't notice anything specifically about ruby
source files here anyways, as far as I understand it. So this might just
be false positives on our side. Is that fundamentally your conclusion as
well?

In this case I guess we can close this until I have more concrete
evidence...

Thanks for the prompt reply!

A.

-- 
Politics is the art of preventing people from getting involved in what
concerns them.
                        - Paul Valéry
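
The check requested above (whether a deleted file is mapped executable in /proc/$PID/maps, as opposed to merely being listed by lsof), as an added example that is not part of the original message and is not needrestart's or dsa-check-libs' code. The maps excerpts are constructed: addresses, inodes, the libc line and /tmp/cache.bin are made up, and only the libssh2 path comes from the log.

```python
import re

# /proc/<pid>/maps line: address perms offset dev inode [pathname]
MAPS_RE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>[rwxsp-]{4})\s+[0-9a-f]+\s+"
    r"[0-9a-f]+:[0-9a-f]+\s+\d+\s*(?P<path>.*)$"
)
DELETED = " (deleted)"  # suffix the kernel appends for unlinked files

# Constructed samples (addresses and inodes are made up).
# Process A: the replaced library is still mapped with execute permission.
SAMPLE_A = """\
7f3a1c000000-7f3a1c02b000 r-xp 00000000 fd:01 393301 /usr/lib/x86_64-linux-gnu/libssh2.so.1.0.1 (deleted)
7f3a1c22a000-7f3a1c22c000 rw-p 0002a000 fd:01 393301 /usr/lib/x86_64-linux-gnu/libssh2.so.1.0.1 (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""
# Process B: only a deleted data file is mapped, read-only (hypothetical path).
SAMPLE_B = """\
7f10a4000000-7f10a4400000 r--s 00000000 fd:01 524412 /tmp/cache.bin (deleted)
7f10a5000000-7f10a51b5000 r-xp 00000000 fd:01 393188 /lib/x86_64-linux-gnu/libc-2.24.so
"""

def deleted_mappings(maps_text):
    """Return (executable, non_executable) sorted lists of deleted file paths."""
    exec_del, other_del = set(), set()
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        # Skip anonymous and pseudo mappings ([heap], [stack], ...) and live files.
        if not path.startswith("/") or not path.endswith(DELETED):
            continue
        path = path[: -len(DELETED)]
        (exec_del if "x" in m.group("perms") else other_del).add(path)
    # A file with any executable mapping is reported as executable only.
    return sorted(exec_del), sorted(other_del - exec_del)

def read_maps(pid):
    """Read the live maps file for a PID (needs sufficient privileges)."""
    with open(f"/proc/{pid}/maps") as fh:
        return fh.read()

if __name__ == "__main__":
    for name, text in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        execs, others = deleted_mappings(text)
        print(f"process {name}: stale executable mappings={execs}, "
              f"other deleted mappings={others}")
```

On a live system, `deleted_mappings(read_maps(pid))` gives the same split for a running process.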