** Also affects: sssd (Ubuntu Xenial) Importance: Undecided Status: New
** Changed in: sssd (Ubuntu Xenial) Assignee: (unassigned) => Victor Tapia (vtapia) ** Changed in: sssd (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: sssd (Ubuntu Xenial) Status: New => In Progress ** Description changed: [Impact] When SSSD tries to renew the machine password, a write_to_child_fd is open but never closed, leaking a descriptor per request until it hits the limit and SSSD stops. [Test Case] 1. With an AD deployed, and having the machine registered, include the following option in sssd.conf: # This option should only be used to test the machine account renewal task. The option expect 2 integers seperated by a colon (':'). The first integer defines the interval in # seconds how often the task is run. The second specifies the inital timeout in seconds before the task is run for the first time after startup. # Default: 86400:750 (24h and 15m) ad_machine_account_password_renewal_opts = 5:5 2. Restart the service and monitor the use of descriptors: root@sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc -l; sleep 60; done 38 50 62 74 86 98 110 122 134 146 158 170 182 194 206 217 229 ^C - [Other info] - The bug is reported and fixed upstream: https://pagure.io/SSSD/sssd/issue/3017 - Trusty is not affected (feat not implemented) and A/B/C already include the fix + The bug is reported and fixed upstream: + https://pagure.io/SSSD/sssd/issue/3017 + + Upstream fix commit: + https://pagure.io/SSSD/sssd/c/312d211e03b9f3769a0362f1767cc59792e32746 + + Trusty is not affected (feat not implemented) and A/B/C already include + the fix : + + $ git describe 312d211e03b9f3769a0362f1767cc59792e32746 + sssd-1_13_4-10-g312d211e0 + + $ rmadison sssd + ==> sssd | 1.13.4-1ubuntu1.10 | xenial-updates + sssd | 1.15.3-2ubuntu1 | artful + sssd | 1.16.1-1ubuntu1 | bionic + sssd | 1.16.1-1ubuntu1 | cosmic + sssd | 1.16.1-1ubuntu3 | cosmic-proposed ** Changed in: sssd (Ubuntu) Assignee: Victor Tapia (vtapia) => (unassigned) ** Changed in: sssd (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1771805 Title: AD keytab renewal task leaks a file descriptor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1771805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs