[Bug 1771805] Re: AD keytab renewal task leaks a file descriptor

Thu, 24 May 2018 07:11:29 -0700 

** Description changed:

  [Impact]
  
  When SSSD tries to renew the machine password, a write_to_child_fd is
  open but never closed, leaking a descriptor per request until it hits
  the limit and SSSD stops.
  
  [Test Case]
  
  1. With an AD deployed, and having the machine registered, include the
  following option in sssd.conf:
  
  # This option should only be used to test the machine account renewal task. 
The option expect 2 integers seperated by a colon (':'). The first integer 
defines the interval in
  # seconds how often the task is run. The second specifies the inital timeout 
in seconds before the task is run for the first time after startup.
  # Default: 86400:750 (24h and 15m)
  ad_machine_account_password_renewal_opts = 5:5
  
  2. Restart the service and monitor the use of descriptors:
  
  root@sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | 
wc -l; sleep 60; done
  38
  50
  62
  74
  86
  98
  110
  122
  134
  146
  158
  170
  182
  194
  206
  217
  229
  ^C
  
+ [Regression potential]
+ 
+ * Small, the fix comes from upstream and it's been present for some time.
+ * A fd could still leak, or the AD machine password renewal could stop 
working.
+ 
  [Other info]
  
  The bug is reported and fixed upstream:
  https://pagure.io/SSSD/sssd/issue/3017
  
  Upstream fix commit:
  https://pagure.io/SSSD/sssd/c/312d211e03b9f3769a0362f1767cc59792e32746
  
  Trusty is not affected (feat not implemented) and A/B/C already include
  the fix :
  
  $ git describe 312d211e03b9f3769a0362f1767cc59792e32746
  sssd-1_13_4-10-g312d211e0
  
  $ rmadison sssd
  ==> sssd | 1.13.4-1ubuntu1.10 | xenial-updates
-     sssd | 1.15.3-2ubuntu1    | artful
-     sssd | 1.16.1-1ubuntu1    | bionic 
-     sssd | 1.16.1-1ubuntu1    | cosmic
-     sssd | 1.16.1-1ubuntu3    | cosmic-proposed
+     sssd | 1.15.3-2ubuntu1    | artful
+     sssd | 1.16.1-1ubuntu1    | bionic
+     sssd | 1.16.1-1ubuntu1    | cosmic
+     sssd | 1.16.1-1ubuntu3    | cosmic-proposed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1771805

Title:
  AD keytab renewal task leaks a file descriptor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1771805/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to