Am Mittwoch, 6. April 2016, 18:07:26 CEST schrieb Ruediger Meier:
> I really hate that nscd. I've had also problems with it a few years
> ago on 11.4. (crashs, 100% CPU, ...). I wonder why the glibc people
> do not fix it. Instead they have added a "paranoia" mode to restart
> it regularly:
> http://serverfault.com/questions/463648/why-would-nscd-use-a-huge-amou
> nt-of-ram
> I'll try /etc/nscd.conf:
>         paranoia                yes
>         restart-interval        3600

You'll probably need to adjust the AppArmor profile a bit to allow that.
Otherwise, nscd won't be able to restart itsself (which effectively means
ignoring the paranoia mode).


The profile needs to allow reading /proc/$pid/cmdline, which means you'll 
need to add the rule
  @{PROC}/@{pid}/cmdline r,

The easiest way is probably:
    echo '@{PROC}/@{pid}/cmdline r,' >> /etc/apparmor.d/local/usr.sbin.nscd
    rcapparmor reload

This is fixed in the upstream profile (including the upcoming 2.9.3 and 
2.10.1 releases), but I slightly doubt this is worth an update for 
Evergreen ;-)


Christian Boltz
Eine Windows-Kiste als Tor zu Welt - das wäre ja so, als  würde man
einen Blinden, einen Lahmen und einen Tauben als Wachschutz einsetzen.
[Matthias Houdek in suse-linux]

Evergreen mailing list

Reply via email to