[lxc-users] PAM-CGFS error messages
Serge E. Hallyn
serge at hallyn.com
Sun Aug 21 17:42:41 UTC 2016
Quoting Andreas Kirbach (akirbach at forumhome.com):
> Hi all,
>
> we are getting PAM-CGFS error messages in our logs pretty often when
> Nagions checks are being performed:
> ---
> PAM-CGFS[84553]: Failed to create a cgroup for user nagios
> ---
>
> The OS is Debian Jessie with LXCFS 2.0.2 from Jessie-Backports.
>
> This seems to be the same issue as reported on
> http://askubuntu.com/questions/809144/upgrade-to-16-10-pam-cgfs-errors
>
> Digging through the code a bit, I wonder if this could be caused by some
> kind of race condition in cgfs_create_forone:
> ---
> if (exists(path)) {
> free(path);
> *existed = true;
> #if DEBUG
> fprintf(stderr, "%s existed\n", path);
> #endif
> return true;
> }
Hi,
thanks for commenting on this. Indeed the current behavior is wrong.
The right thing is not as simple as returning true though. If you
look at handle_login(), it checks for existed == 1 and continues with
the next index if so. But it will have bailed due to cgfs_create()
returning false before that. That is the bug. So handle_login()
should be doing:
*existed = false;
if (!cgfs_create(cg, uid, gid, &existed) && !existed) {
mysyslog(LOG_ERR, "Failed to create a cgroup for user %s\n", user);
return PAM_SESSION_ERR;
}
if (existed) {
idx++;
continue;
}
then !cgfs_create_forone() should return false when existed == true,
not true. I *think* that should handle all the cases correctly.
Does it look right to you? Do you want to send a patch for this? (Else
I can push it tonight)
thanks,
-serge
> bool pass = mkdir_p(c->mount_path, path);
> ---
>
> From my understanding of the code, wouldn't it be possible that another
> process is creating that directory right after the exists() check
> returned false and before the call to mkdir_p(), effectively making
> mkdir_p() fail?
>
> Kind regards,
> Andreas Kirbach
> --
> forumhome GmbH & Co. KG
> Bruchstr. 54a
> 67098 Bad Dürkheim
> Tel.: +49-6322-91 995-15
> Fax: +49-6322-91 995-19
>
> Andreas Kirbach
> Technischer Leiter
>
> akirbach at forumhome.com
> www.forumhome.com
>
> Geschäftsführer: Carsten Grentrup
>
> Handelsregister: Ludwigshafen/ Rhein HRA 60968
> USt-Id: DE 285 908 418
>
> ----------------------------------
> ----------------------------------
> Forumhome sucht Praktikanten im Bereich Online-Marketing, Webdesign und
> Webbasierte Softwareentwicklung!
> Interesse? Informieren Sie sich unter
> http://de.forumhome.com/content/10-jobs und schicken Sie uns Ihre
> Bewerbungsunterlagen an jobs at forumhome.com
> Wir freuen uns auf Sie!
> ----------------------------------
> ----------------------------------
>
> Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen.
> Wenn Sie nicht der beabsichtigte Empfänger oder dessen Vertreter sind,
> informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
> Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
> enthaltenen Informationen ist nicht gestattet.
>
> The information contained in this message is confidential or protected
> by law. If you are not the intended recipient, please contact the sender
> and delete this message.
> Any unauthorised copying of this message or unauthorised distribution of
> the information contained herein is prohibited.
>
> ---
> Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
> https://www.avast.com/antivirus
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list