https://bugzilla.wikimedia.org/show_bug.cgi?id=43188
Web browser: ---
Bug ID: 43188
Summary: Enhance imagescaler processes containment
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: File management
Assignee: wikibugs-l@lists.wikimedia.org
Reporter: fai...@wikimedia.org
CC: bawolff...@gmail.com, bryan.tongm...@gmail.com
Classification: Unclassified
Mobile Platform: ---
We often see scaler processes (convert, avconv etc.) hang for various reasons.
For example, we've seen convert and avconv both hang in some cases, when they
can't allocate more memory than the one limited to them by MediaWiki's ulimit
call.
We should both handle such cases and also contain them better than we do now,
for security reasons.
Tim Starling and I have discussed various approaches for this in the past. I
proposed an LD_PRELOAD wrapper that would abort whenever malloc() is unable to
allocate memory (hackish, but might work). We could also use cgroups, as
they're better at tracking resources than ulimits and they can also prove
useful at containing what those processes can do in case of security exploits.
Finally, we can probably also use something like SIGALRM or non-blocking pipe
calls so that the parent process counts the time of waiting for its child and,
if times out, kills it.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
