Re: [Shorewall-users] locking processes left behind

Fri, 12 Jan 2018 10:35:22 -0800 

On 01/12/2018 04:09 AM, Brian J. Murrell wrote:
> I frequently get the following situation on my shorewall-lite machine,
> typically right after boot, where "shorewall-lite restart" has been run
> many times, overlapping even, I am sure as interfaces are brought up,
> etc.:
> 
> # ps -ef | grep shorewall
> root      1094     1  0 Jan11 ?        00:00:01 lock 
> /etc/shorewall-lite/state/lock
> root      2507     1  0 Jan11 ?        00:00:01 lock 
> /etc/shorewall-lite/state/lock
> root      3124     1  0 Jan11 ?        00:00:00 lock 
> /etc/shorewall-lite/state/lock
> root      7608  6935  0 06:29 pts/1    00:00:00 grep shorewall
> root     11770     1  0 Jan11 ?        00:00:00 lock 
> /etc/shorewall-lite/state/lock
> 
> # ls -l /etc/shorewall-lite/state/lock
> ls: /etc/shorewall-lite/state/lock: No such file or directory
> # ls -l /proc/{1094,2507,3124,11770}/fd/
> /proc/1094/fd/:
> lr-x------    1 root     root            64 Jan 12 06:26 0 -> /dev/null
> l-wx------    1 root     root            64 Jan 12 06:26 1 -> pipe:[1896]
> l-wx------    1 root     root            64 Jan 12 06:26 12 -> pipe:[1896]
> l-wx------    1 root     root            64 Jan 12 06:26 2 -> pipe:[1896]
> lrwx------    1 root     root            64 Jan 12 06:26 3 -> 
> /etc/shorewall-lite/state/lock (deleted)
> 
> /proc/11770/fd/:
> lrwx------    1 root     root            64 Jan 12 06:30 0 -> /dev/null
> lrwx------    1 root     root            64 Jan 12 06:30 1 -> /dev/null
> l-wx------    1 root     root            64 Jan 12 06:30 13 -> pipe:[1718]
> lrwx------    1 root     root            64 Jan 12 06:30 2 -> /dev/null
> lrwx------    1 root     root            64 Jan 12 06:30 3 -> 
> /etc/shorewall-lite/state/lock (deleted)
> 
> /proc/2507/fd/:
> lrwx------    1 root     root            64 Jan 12 06:30 0 -> /dev/null
> lrwx------    1 root     root            64 Jan 12 06:30 1 -> /dev/null
> l-wx------    1 root     root            64 Jan 12 06:30 13 -> pipe:[1718]
> lrwx------    1 root     root            64 Jan 12 06:30 2 -> /dev/null
> lrwx------    1 root     root            64 Jan 12 06:30 3 -> 
> /etc/shorewall-lite/state/lock (deleted)
> 
> /proc/3124/fd/:
> lrwx------    1 root     root            64 Jan 12 06:30 0 -> /dev/null
> lrwx------    1 root     root            64 Jan 12 06:30 1 -> /dev/null
> l-wx------    1 root     root            64 Jan 12 06:30 13 -> pipe:[1718]
> lrwx------    1 root     root            64 Jan 12 06:30 2 -> /dev/null
> lrwx------    1 root     root            64 Jan 12 06:30 3 -> 
> /etc/shorewall-lite/state/lock (deleted)
> # lsof -n | grep state/lock
> lock       1094    root    3u      REG       0,14        5      13407 
> /etc/shorewall-lite/state/lock (deleted)
> lock       2507    root    3u      REG       0,14        5      13415 
> /etc/shorewall-lite/state/lock (deleted)
> lock       3124    root    3u      REG       0,14        5      13448 
> /etc/shorewall-lite/state/lock (deleted)
> lock      11770    root    3u      REG       0,14        6      13663 
> /etc/shorewall-lite/state/lock (deleted)
> 
> I wonder if anyone has any theories on what is going on here?
> 

I do not -- here is the only code in Shorewall that invoked 'lock' (one
line might appear folded by my mailer):

mutex_on()
{
    local try
    try=0
    local lockf
    lockf=${LOCKFILE:=${VARDIR}/lock}
    local lockpid
    local lockd

    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}

    if [ $MUTEX_TIMEOUT -gt 0 ]; then

        lockd=$(dirname $LOCKFILE)

        [ -d "$lockd" ] || mkdir -p "$lockd"

        if [ -f $lockf ]; then
            lockpid=`cat ${lockf} 2> /dev/null`
            if [ -z "$lockpid" -o $lockpid = 0 ]; then
                rm -f ${lockf}
                error_message "WARNING: Stale lockfile ${lockf} removed"
            elif [ $lockpid -eq $$ ]; then
                return 0
            elif ! ps | grep -v grep | qt grep ${lockpid}; then
                rm -f ${lockf}
                error_message "WARNING: Stale lockfile ${lockf} from pid 
${lockpid}
removed"
            fi
        fi

        if qt mywhich lockfile; then
            lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
            chmod u+w ${lockf}
            echo $$ > ${lockf}
            chmod u-w ${lockf}
        elif qt mywhich lock; then
            lock ${lockf}
            chmod u=r ${lockf}
        else
            while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
                sleep 1
                try=$((${try} + 1))
            done

            if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
                # Create the lockfile
                echo $$ > ${lockf}
            else
                echo "Giving up on lock file ${lockf}" >&2
            fi
        fi
    fi
}

The part that invoked 'lock' was contributed, as I recall.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to