Package: openssh-server Version: 1:4.7p1-12 Severity: normal Hi there!
I discovered recently during a testing migration that in a vserver environment you do not have the capability to adjust /proc values. This means that the oom_adj results in a lot of noise in the logfiles: sshd[9363]: error writing /proc/self/oom_adj: Operation not permitted Ok, so I thought I would disable it by tweaking the following in /etc/default/ssh: # OOM-killer adjustment for sshd (see # linux/Documentation/filesystems/proc.txt; lower values reduce # likelihood # of being killed, -17 = disable) SSHD_OOM_ADJUST=-17 Hmmm... its already set to -17 and -17 is 'disable'? Why isn't it disabled then if its already set here to be disabled? The source made me think that setting it to 0 should disable it: + const char *oom_adj = getenv("SSHD_OOM_ADJUST"); + if (!oom_adj) + return; I've tried setting this to 0, -17, no setting, and commenting it out of the file altogether, but it still is being attempted.... After trial-and-error it seems like it shouldn't be set to anything at all if it is supposed to be disabled. So, the environment variable SSHD_OOM_ADJUST needs to be non-existant to actually disable it. I don't understand why, unless there is some environment scrubbing going on? It doesn't help that in /etc/init.d/ssh, we find this: export SSHD_OOM_ADJUST=-17 right before the sourcing of the /etc/default/ssh file. So the only way to really disable this is to comment out both the line in /etc/init.d/ssh where the environment variable is set to -17 and the line in /etc/default/ssh where it is also set. I'm guessing that you were going for it a disable value of 0+ do it, but it seems that is completely ignored, for whatever reason that is beyond me. In any case, having to edit the initscript to disable this is not the right way. I appreciate your continued maintainence of this package! Micah -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-server depends on: ii adduser 3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii dpkg 1.14.19 package maintenance system for Deb ii libc6 2.7-12 GNU C Library: Shared libraries ii libcomerr2 1.40.11-1 common error description library ii libkrb53 1.6.dfsg.4~beta1-2 MIT Kerberos runtime libraries ii libpam-modules 0.99.7.1-6 Pluggable Authentication Modules f ii libpam-runtime 0.99.7.1-6 Runtime support for the PAM librar ii libpam0g 0.99.7.1-6 Pluggable Authentication Modules l ii libselinux1 2.0.59-1 SELinux shared libraries ii libssl0.9.8 0.9.8g-10.1 SSL shared libraries ii libwrap0 7.6.q-15 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-12 Linux Standard Base 3.2 init scrip ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS ii openssh-client 1:4.7p1-12 secure shell client, an rlogin/rsh ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-server recommends: ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op ii xauth 1:1.0.3-2 X authentication utility -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]