** Description changed: [Impact] When SSSD tries to renew the machine password, a write_to_child_fd is open but never closed, leaking a descriptor per request until it hits the limit and SSSD stops. [Test Case] 1. With an AD deployed, and having the machine registered, include the following option in sssd.conf: # This option should only be used to test the machine account renewal task. The option expect 2 integers seperated by a colon (':'). The first integer defines the interval in # seconds how often the task is run. The second specifies the inital timeout in seconds before the task is run for the first time after startup. # Default: 86400:750 (24h and 15m) ad_machine_account_password_renewal_opts = 5:5 2. Restart the service and monitor the use of descriptors: root@sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc -l; sleep 60; done 38 50 62 74 86 98 110 122 134 146 158 170 182 194 206 217 229 ^C + [Regression potential] + + * Small, the fix comes from upstream and it's been present for some time. + * A fd could still leak, or the AD machine password renewal could stop working. + [Other info] The bug is reported and fixed upstream: https://pagure.io/SSSD/sssd/issue/3017 Upstream fix commit: https://pagure.io/SSSD/sssd/c/312d211e03b9f3769a0362f1767cc59792e32746 Trusty is not affected (feat not implemented) and A/B/C already include the fix : $ git describe 312d211e03b9f3769a0362f1767cc59792e32746 sssd-1_13_4-10-g312d211e0 $ rmadison sssd ==> sssd | 1.13.4-1ubuntu1.10 | xenial-updates - sssd | 1.15.3-2ubuntu1 | artful - sssd | 1.16.1-1ubuntu1 | bionic - sssd | 1.16.1-1ubuntu1 | cosmic - sssd | 1.16.1-1ubuntu3 | cosmic-proposed + sssd | 1.15.3-2ubuntu1 | artful + sssd | 1.16.1-1ubuntu1 | bionic + sssd | 1.16.1-1ubuntu1 | cosmic + sssd | 1.16.1-1ubuntu3 | cosmic-proposed
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1771805 Title: AD keytab renewal task leaks a file descriptor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1771805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs