-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
External commands (eg reload) with v5.4 are broken in Docker #676
Comments
Tested only with: e2guardian -N |
I was not able to fully replicate this issue. I only found #678. Other signal functions worked ok for me. Is this a file/directory permission problem?? |
Maybe but there is nothing obvious for me
|
Fred,
When you run e2guardian -N and the other commands are you doing this as root or as e2guardian user?
Philip
----- Original Message -----
… From: "Fredb" ***@***.***>
To: "e2guardian/e2guardian" ***@***.***>
Cc: "Philip Pearce" ***@***.***>, "Assign"
***@***.***>
Sent: Monday, 19 April, 2021 3:43:07 PM
Subject: Re: [e2guardian/e2guardian] External commands (eg reload)
with v5.4 are broken (#676)
Maybe but there is nothing obvious for me $ e2guardian --help
Usage: e2guardian [{-c ConfigFileName|-v|-P|-h|-N|-q|-s|-r|-g|-i}]
-v gives the version number and build options.
-h gives this message.
-c allows you to specify a different configuration file location.
-N Do not go into the background.
-q causes e2guardian to kill any running copy.
-Q kill any running copy AND start a new one with current options.
-s shows the parent process PID and exits.
-r reloads lists and group config files by issuing a HUP,
but this does not reset the httpworkers option (amongst others).
-g same as -r (Issues a USR1)
-i read lists from stdin
$ e2guardian -r
No e2guardian process found.
$ ls -la /etc/e2guardian
total 280
drwxrwxrwx 10 e2guardian e2guardian 4096 Apr 16 15:52 .
drwxr-xr-x 1 root root 4096 Apr 16 12:11 ..
drwxr-xr-x 2 e2guardian e2guardian 4096 Apr 12 10:19 authplugins
-rw-r--r-- 1 e2guardian e2guardian 11133 Apr 13 09:09 common.story
drwxr-xr-x 2 e2guardian e2guardian 4096 Apr 12 10:19
contentscanners
drwxr-xr-x 2 e2guardian e2guardian 4096 Apr 12 10:19
downloadmanagers
-rw-r--r-- 1 e2guardian e2guardian 43094 Apr 15 16:11
e2guardian.conf
-rw-r--r-- 1 e2guardian e2guardian 31759 Apr 13 15:26
e2guardianf1.conf
-rw-r--r-- 1 e2guardian e2guardian 2265 Apr 12 10:19
examplef1.story
drwxr-x--- 29 e2guardian e2guardian 4096 Apr 12 15:34 languages
drwxr-xr-x 9 e2guardian e2guardian 4096 Apr 13 12:58 lists
-rw-r--r-- 1 e2guardian e2guardian 2149 Apr 13 15:20 preauth.story
$ ls -la /run/e2guardian
total 8
drwxr-xr-x 1 e2guardian root 4096 Apr 19 16:38 .
drwxr-xr-x 1 root root 4096 Apr 16 11:51 ..
-rw-r--r-- 1 e2guardian e2guardian 0 Apr 19 16:38 e2.pid
ps -edf | grep e2
e2guardian 2764 2747 0 16:36 ? 00:00:01 e2guardian -N
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub , or unsubscribe .
|
As e2guardian More details here: |
docker pull fredbcode/e2guardian:v5.4-test if needed |
strace ``
root@5972e029f412:/tmp# cat /run/e2guardian/e2.pid
|
Ok I found something pid < 6 = error Reproduce easily with
|
Can you try latest? Problem seems to be that Docker is using pid 1 for e2g. In Linux/BSD pid 1 is reserved for init process so is illegal. I've now added a conditional check so that pid 1 is allowed when "dockermode" is enabled. Can you see if that fixes it? |
Same issue, be careful the limit is 5 not just 1, with 6 it works 1,2,3,4,5 -> No process e2guardian found FI, process with docker can be 1 but also another, in my case yes it's 1 |
With strace I'm seeing there is no Kill test 0 in the issue case (1..5) You can "test" with echo 6 > /path/e2.pid |
There is something odd happening here - there is no exclusion of id less than 6 in e2g code - it must be something to do with how pids are handled in Docker. Also, adding id above 5 to e2.pid manually should not work as this is not the pid of e2g (1). So it may say OK but it reporting/killing another process and not e2g! |
Of course it didn't works, just the returns from e2 is an error message in this this case and not beyond 5 Do you have e2 on physical machine for testing this ? |
Yes, I have tested on a physical machine and all works OK. It looks as if Docker reserves pid 1-5 and does not allow the system kill() call to them. i.e. It will not allow a kill (even a NOOP signal) to the container id. This issue with Docker would be in previous versions too. Looking at Docker site - would not a better approach with Docker be to send the signal to the Docker container with the docker kill command rather than using the e2g flags? |
I should see a kill call with strace, no ? Maybe we could generated a number beyond 5, when we are in docker mode ? in sysv_writetpidefile ? |
Ah, of course not |
Philip I found a solution, I'm using "init" flag and now my process is ... The container’s main process is responsible for managing all processes that it starts. In some cases, the main process isn’t well-designed, and doesn’t handle “reaping” (stopping) child processes gracefully when the container exits. If your process falls into this category, you can use the --init option when you run the container. The --init flag inserts a tiny init-process into the container as the main process, and handles reaping of all processes when the container exits. Handling such processes this way is superior to using a full-fledged init process such as sysvinit, upstart, or systemd to handle process lifecycle within your container. Sorry for the noise ... |
There is now a public docker image, I updated the release note |
That is great! OK to close? |
Yep |
Hum, maybe we should remove your commit ? |
With v5.4 and e2guardian -N
get_pid() is not working
e2guardian -r
No e2guardian process found.
e2guardian -s
No e2guardian process found.
The text was updated successfully, but these errors were encountered: