You have been subscribed to a public bug by Victor Tapia (vtapia): [Impact]
When SSSD tries to renew the machine password, a write_to_child_fd is open but never closed, leaking a descriptor per request until it hits the limit and SSSD stops. [Test Case] 1. With an AD deployed, and having the machine registered, include the following option in sssd.conf: # This option should only be used to test the machine account renewal task. The option expect 2 integers seperated by a colon (':'). The first integer defines the interval in # seconds how often the task is run. The second specifies the inital timeout in seconds before the task is run for the first time after startup. # Default: 86400:750 (24h and 15m) ad_machine_account_password_renewal_opts = 5:5 2. Restart the service and monitor the use of descriptors: root@sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc -l; sleep 60; done 38 50 62 74 86 98 110 122 134 146 158 170 182 194 206 217 229 ^C [Other info] The bug is reported and fixed upstream: https://pagure.io/SSSD/sssd/issue/3017 Trusty is not affected (feat not implemented) and A/B/C already include the fix ** Affects: sssd (Ubuntu) Importance: Undecided Assignee: Victor Tapia (vtapia) Status: New ** Tags: sts sts-sru-needed -- AD keytab renewal task leaks a file descriptor https://bugs.launchpad.net/bugs/1771805 You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. -- Mailing list: https://launchpad.net/~sts-sponsors Post to : sts-sponsors@lists.launchpad.net Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp