On Fri, 2018-01-12 at 07:09 -0500, Brian J. Murrell wrote: > I frequently get the following situation on my shorewall-lite > machine, > typically right after boot, where "shorewall-lite restart" has been > run > many times, overlapping even, I am sure as interfaces are brought up, > etc.: > > # ps -ef | grep shorewall > root 1094 1 0 Jan11 ? 00:00:01 lock /etc/shorewall- > lite/state/lock > root 2507 1 0 Jan11 ? 00:00:01 lock /etc/shorewall- > lite/state/lock > root 3124 1 0 Jan11 ? 00:00:00 lock /etc/shorewall- > lite/state/lock > root 7608 6935 0 06:29 pts/1 00:00:00 grep shorewall > root 11770 1 0 Jan11 ? 00:00:00 lock /etc/shorewall- > lite/state/lock ... > I wonder if anyone has any theories on what is going on here?
Here's one case where it happens: # ps -ef | grep \ lock | grep -v grep; /usr/sbin/shorewall-lite blacklist 185.170.42.18; ps -ef | grep \ lock | grep -v grep [notice there are no lock processes from the first ps | grep ] ERROR: The blacklist command is not supported in the current Shorewall Lite configuration root 31693 1 0 07:00 pts/1 00:00:00 lock /etc/shorewall-lite/state/lock # sleep 5 # ps -ef | grep \ lock | grep -v grep root 31693 1 0 07:00 pts/1 00:00:00 lock /etc/shorewall-lite/state/lock Not really sure why shorewall thinks the blacklist command is not available, but that is orthogonal. The issue here is clearly there is at least one code path where shorewall exits without cleaning up it's lock file. I wonder how many other non-happy-path cases there are like this. Cheers, b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users