On 02/28/2018 04:04 AM, Brian J. Murrell wrote:
> On Fri, 2018-01-12 at 07:09 -0500, Brian J. Murrell wrote:
>> I frequently get the following situation on my shorewall-lite machine,
>> typically right after boot, where "shorewall-lite restart" has been run
>> many times, overlapping even, I am sure as interfaces are brought up,
>> etc.:
>>
>> # ps -ef | grep shorewall
>> root      1094     1  0 Jan11 ?        00:00:01 lock /etc/shorewall-lite/state/lock
>> root      2507     1  0 Jan11 ?        00:00:01 lock /etc/shorewall-lite/state/lock
>> root      3124     1  0 Jan11 ?        00:00:00 lock /etc/shorewall-lite/state/lock
>> root      7608  6935  0 06:29 pts/1    00:00:00 grep shorewall
>> root     11770     1  0 Jan11 ?        00:00:00 lock /etc/shorewall-lite/state/lock
> ...
>> I wonder if anyone has any theories on what is going on here?
> 
> Here's one case where it happens:
> 
> # ps -ef | grep \ lock | grep -v grep; /usr/sbin/shorewall-lite blacklist 185.170.42.18; ps -ef | grep \ lock | grep -v grep
> [notice there are no lock processes from the first ps | grep ]
>    ERROR: The blacklist command is not supported in the current Shorewall Lite configuration
> root     31693     1  0 07:00 pts/1    00:00:00 lock /etc/shorewall-lite/state/lock
> # sleep 5
> # ps -ef | grep \ lock | grep -v grep
> root     31693     1  0 07:00 pts/1    00:00:00 lock /etc/shorewall-lite/state/lock
> 
> Not really sure why shorewall thinks the blacklist command is not
> available, but that is orthogonal.  The issue here is clearly there is
> at least one code path where shorewall exits without cleaning up its
> lock file.  I wonder how many other non-happy-path cases there are like
> this.

There are quite a few, but they are only an issue for people who have to
rely on the obscure 'lock' utility. The rest just get a 'stale lock file
removed' message the next time that they run shorewall[6][-lite]. I'll
try to come up with a fix against 5.1.12...

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
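
The failure discussed in this thread, an error path that exits while the lock file is still held, can be closed off by releasing the lock from an EXIT trap; the stale-lock check mentioned in the reply is shown alongside it. This is an added example, not Shorewall's code and not part of the original messages; the function names `acquire_lock` and `run_locked` and the PID-in-lockfile layout are assumptions.

```shell
#!/bin/sh
# Added illustration; acquire_lock and run_locked are hypothetical names,
# not functions from Shorewall. Assumes the lock file holds the owner's PID
# and that the script runs as root (kill -0 on another user's PID would
# fail with EPERM and be misread as "not running").

# Atomically create LOCKFILE containing our PID. If it already exists and
# the recorded PID is no longer running, treat the lock as stale.
acquire_lock() {
    lockfile=$1
    tries=${2:-5}
    while [ "$tries" -gt 0 ]; do
        # noclobber (set -C) makes the redirect fail if the file exists
        if ( set -C; echo "$$" > "$lockfile" ) 2>/dev/null; then
            return 0
        fi
        holder=$(cat "$lockfile" 2>/dev/null)
        if [ -n "$holder" ] && ! kill -0 "$holder" 2>/dev/null; then
            # Two waiters can race here; production code should re-check
            # the file's contents before removing it.
            echo "stale lock file removed (pid $holder)" >&2
            rm -f "$lockfile"
            continue
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Run a command while holding the lock. The command runs in a subshell
# whose EXIT trap removes the lock, so an "exit 2" from an error handler
# deep inside the command still releases it.
run_locked() {
    lockfile=$1
    shift
    acquire_lock "$lockfile" || return 2
    (
        trap 'rm -f "$lockfile"' EXIT
        trap 'exit 130' INT TERM HUP
        "$@"
    )
}
```
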
