Re: [Shorewall-users] locking processes left behind

Sun, 14 Jan 2018 07:47:23 -0800 

On 1/12/2018 7:33 PM, Tom Eastep wrote:
> On 01/12/2018 04:09 AM, Brian J. Murrell wrote:
>> I frequently get the following situation on my shorewall-lite machine,
>> typically right after boot, where "shorewall-lite restart" has been run
>> many times, overlapping even, I am sure as interfaces are brought up,
>> etc.:
>>
>> # ps -ef | grep shorewall
>> root      1094     1  0 Jan11 ?        00:00:01 lock 
>> /etc/shorewall-lite/state/lock
>> root      2507     1  0 Jan11 ?        00:00:01 lock 
>> /etc/shorewall-lite/state/lock
>> root      3124     1  0 Jan11 ?        00:00:00 lock 
>> /etc/shorewall-lite/state/lock
>> root      7608  6935  0 06:29 pts/1    00:00:00 grep shorewall
>> root     11770     1  0 Jan11 ?        00:00:00 lock 
>> /etc/shorewall-lite/state/lock
>>
>> # ls -l /etc/shorewall-lite/state/lock
>> ls: /etc/shorewall-lite/state/lock: No such file or directory
>> # ls -l /proc/{1094,2507,3124,11770}/fd/
>> /proc/1094/fd/:
>> lr-x------    1 root     root            64 Jan 12 06:26 0 -> /dev/null
>> l-wx------    1 root     root            64 Jan 12 06:26 1 -> pipe:[1896]
>> l-wx------    1 root     root            64 Jan 12 06:26 12 -> pipe:[1896]
>> l-wx------    1 root     root            64 Jan 12 06:26 2 -> pipe:[1896]
>> lrwx------    1 root     root            64 Jan 12 06:26 3 -> 
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> /proc/11770/fd/:
>> lrwx------    1 root     root            64 Jan 12 06:30 0 -> /dev/null
>> lrwx------    1 root     root            64 Jan 12 06:30 1 -> /dev/null
>> l-wx------    1 root     root            64 Jan 12 06:30 13 -> pipe:[1718]
>> lrwx------    1 root     root            64 Jan 12 06:30 2 -> /dev/null
>> lrwx------    1 root     root            64 Jan 12 06:30 3 -> 
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> /proc/2507/fd/:
>> lrwx------    1 root     root            64 Jan 12 06:30 0 -> /dev/null
>> lrwx------    1 root     root            64 Jan 12 06:30 1 -> /dev/null
>> l-wx------    1 root     root            64 Jan 12 06:30 13 -> pipe:[1718]
>> lrwx------    1 root     root            64 Jan 12 06:30 2 -> /dev/null
>> lrwx------    1 root     root            64 Jan 12 06:30 3 -> 
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> /proc/3124/fd/:
>> lrwx------    1 root     root            64 Jan 12 06:30 0 -> /dev/null
>> lrwx------    1 root     root            64 Jan 12 06:30 1 -> /dev/null
>> l-wx------    1 root     root            64 Jan 12 06:30 13 -> pipe:[1718]
>> lrwx------    1 root     root            64 Jan 12 06:30 2 -> /dev/null
>> lrwx------    1 root     root            64 Jan 12 06:30 3 -> 
>> /etc/shorewall-lite/state/lock (deleted)
>> # lsof -n | grep state/lock
>> lock       1094    root    3u      REG       0,14        5      13407 
>> /etc/shorewall-lite/state/lock (deleted)
>> lock       2507    root    3u      REG       0,14        5      13415 
>> /etc/shorewall-lite/state/lock (deleted)
>> lock       3124    root    3u      REG       0,14        5      13448 
>> /etc/shorewall-lite/state/lock (deleted)
>> lock      11770    root    3u      REG       0,14        6      13663 
>> /etc/shorewall-lite/state/lock (deleted)
>>
>> I wonder if anyone has any theories on what is going on here?
>>
> 
> I do not -- here is the only code in Shorewall that invoked 'lock' (one
> line might appear folded by my mailer):
> 
> mutex_on()
> {
>     local try
>     try=0
>     local lockf
>     lockf=${LOCKFILE:=${VARDIR}/lock}
>     local lockpid
>     local lockd
> 
>     MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
> 
>     if [ $MUTEX_TIMEOUT -gt 0 ]; then
> 
>       lockd=$(dirname $LOCKFILE)
> 
>       [ -d "$lockd" ] || mkdir -p "$lockd"
> 
>       if [ -f $lockf ]; then
>           lockpid=`cat ${lockf} 2> /dev/null`
>           if [ -z "$lockpid" -o $lockpid = 0 ]; then
>               rm -f ${lockf}
>               error_message "WARNING: Stale lockfile ${lockf} removed"
>           elif [ $lockpid -eq $$ ]; then
>                 return 0
>           elif ! ps | grep -v grep | qt grep ${lockpid}; then
>               rm -f ${lockf}
>               error_message "WARNING: Stale lockfile ${lockf} from pid 
> ${lockpid}
> removed"
>           fi
>       fi
> 
>       if qt mywhich lockfile; then
>           lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
>           chmod u+w ${lockf}
>           echo $$ > ${lockf}
>           chmod u-w ${lockf}
>       elif qt mywhich lock; then
>             lock ${lockf}
>             chmod u=r ${lockf}
>       else
>           while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
>               sleep 1
>               try=$((${try} + 1))
>           done
> 
>           if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
>               # Create the lockfile
>               echo $$ > ${lockf}
>           else
>               echo "Giving up on lock file ${lockf}" >&2
>           fi
>       fi
>     fi
> }
> 
> The part that invoked 'lock' was contributed, as I recall.
> 

If you are not on OpenWRT you may want to apply the attached patch.

-Matt
-- 
Matt Darfeuille

diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common
index 8ff2aa8b4..29876b1e2 100644
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -778,7 +778,7 @@ mutex_on()
            chmod u+w ${lockf}
            echo $$ > ${lockf}
            chmod u-w ${lockf}
-       elif qt mywhich lock; then
+       elif [ -f /etc/openwrt_release ] && qt mywhich lock; then
             lock ${lockf}
             chmod u=r ${lockf}
        else

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to