You have been subscribed to a public bug by Victor Tapia (vtapia):
[Impact]
When SSSD tries to renew the machine password, a write_to_child_fd is
open but never closed, leaking a descriptor per request until it hits
the limit and SSSD stops.
[Test Case]
1. With an AD deployed, and having the machine registered, include the
following option in sssd.conf:
# This option should only be used to test the machine account renewal task. The
option expect 2 integers seperated by a colon (':'). The first integer defines
the interval in
# seconds how often the task is run. The second specifies the inital timeout in
seconds before the task is run for the first time after startup.
# Default: 86400:750 (24h and 15m)
ad_machine_account_password_renewal_opts = 5:5
2. Restart the service and monitor the use of descriptors:
root@sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc
-l; sleep 60; done
38
50
62
74
86
98
110
122
134
146
158
170
182
194
206
217
229
^C
[Other info]
The bug is reported and fixed upstream: https://pagure.io/SSSD/sssd/issue/3017
Trusty is not affected (feat not implemented) and A/B/C already include the fix
** Affects: sssd (Ubuntu)
Importance: Undecided
Assignee: Victor Tapia (vtapia)
Status: New
** Tags: sts sts-sru-needed
--
AD keytab renewal task leaks a file descriptor
https://bugs.launchpad.net/bugs/1771805
You received this bug notification because you are a member of STS Sponsors,
which is subscribed to the bug report.
--
Mailing list: https://launchpad.net/~sts-sponsors
Post to : sts-sponsors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~sts-sponsors
More help : https://help.launchpad.net/ListHelp
