From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/1503
Path: news.gmane.org!not-for-mail
From: Alex Efros <powerman@powerman.asdfGroup.com>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: runit not collecting zombies
Date: Wed, 12 Sep 2007 20:04:50 +0300
Organization: asdfGroup Inc., http://powerman.asdfGroup.com/
Message-ID: <20070912170450.GE12043@home.power>
References: <m3lkdhnu66.fsf@multivac.cwru.edu> <Pine.LNX.4.64.0707151920550.11383@e-smith.charlieb.ott.istop.com> <20070716000927.GY23517@home.power> <Pine.LNX.4.64.0707152209260.11383@e-smith.charlieb.ott.istop.com> <47939.::ffff:77.75.72.5.1189601606.squirrel@mail.podgorny.cz> <Pine.LNX.4.64.0709120953140.26085@e-smith.charlieb.ott.istop.com> <20070912143557.GC12043@home.power> <Pine.LNX.4.64.0709121038030.26085@e-smith.charlieb.ott.istop.com> <20070912150047.GD12043@home.power> <35517.::ffff:77.75.72.5.1189613042.squirrel@mail.podgorny.cz>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1189616702 29464 80.91.229.12 (12 Sep 2007 17:05:02 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Wed, 12 Sep 2007 17:05:02 +0000 (UTC)
To: supervision@list.skarnet.org
Original-X-From: supervision-return-1738-gcsg-supervision=m.gmane.org@list.skarnet.org Wed Sep 12 19:04:58 2007
Return-path: <supervision-return-1738-gcsg-supervision=m.gmane.org@list.skarnet.org>
Envelope-to: gcsg-supervision@gmane.org
Original-Received: from antah.skarnet.org ([212.85.147.14])
	by lo.gmane.org with smtp (Exim 4.50)
	id 1IVVe0-0002Cn-Ik
	for gcsg-supervision@gmane.org; Wed, 12 Sep 2007 19:04:52 +0200
Original-Received: (qmail 12545 invoked by uid 76); 12 Sep 2007 17:05:13 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 12539 invoked from network); 12 Sep 2007 17:05:13 -0000
Mail-Followup-To: supervision@list.skarnet.org
Content-Disposition: inline
In-Reply-To: <35517.::ffff:77.75.72.5.1189613042.squirrel@mail.podgorny.cz>
User-Agent: Mutt/1.5.16 (2007-06-09)
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:1503
Archived-At: <http://permalink.gmane.org/gmane.comp.sysutils.supervision.general/1503>

Hi!

On Wed, Sep 12, 2007 at 06:04:02PM +0200, Radek Podgorny wrote:
> Alex, did I get it right you use gentoo? On what architecture? Stable or

Stable x86 (except few ~x86 packages like runit and svlogd), all 32bit.

I use Hardened Gentoo, and one of ideas is it's GrSecurity/PaX patches
introduce that bug - this may explain why a lot of vanilla kernel users
don't see this bug.
Another idea - some of other gentoo-specific kernel patches.
To test this I should stop using GrSecurity/PaX on production servers for
a weeks, and I dislike this idea.

> unstable? I use gentoo on all my machines (stable/unstable mix, x86/amd64
> mix, different kernels, ...) and some machines are OK, others are not.

Yeah, I've one server which don't have this issue. His admin made a
mistake many months ago - he installed too new gcc (which isn't support
hardened patches yet - SSP and PIE), and afraid to disgrade it on
production server. He wait until hardened patches will be released for
that gcc version to come back to hardened land. This is only noticeable
difference between our servers.

> Maybe this is gentoo specific somehow (exotic USE for glibc, wrong
> gcc?...). I'll get the versions from my machines and post it here, could
> you please do the same? Let's find what's common...

My servers and workstation use (unique lines) (all of them have this issue):
  2.6.20-hardened-r6 SMP i686 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz GenuineIntel
  2.6.20-hardened-r6     i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel
  2.6.20-hardened-r6     i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel
  2.6.20-hardened-r6     i686 AMD Athlon(tm) 64 Processor 3500+ AuthenticAMD
Server without zombie issue use:
  2.6.20-hardened-r6     i686 Intel(R) Celeron(R) CPU 2.00GHz GenuineIntel
Kernel configuration is 100% equal on server without zombies and my P4 servers.

All servers use:
  sys-libs/glibc-2.5-r4
  sys-devel/binutils-2.17

My servers use:
  sys-devel/gcc-3.4.6-r2  (with SSP and PIE)
Server without zombie issue use:
  sys-devel/gcc-4.1.1-r3

I've tried runit from 1.5.0 to 1.7.2 with patches from this maillist on my
servers. Server without this issue work on runit 1.5.0.

USE-flags on all servers are same:
  sys-kernel/hardened-sources-2.6.20-r6
    USE="-build -symlink"
  sys-libs/glibc-2.5-r4
    USE="hardened nls nptl nptlonly -build -debug -glibc-compat20 -glibc-omitfp -multilib -profile (-selinux)"
  sys-devel/binutils-2.17
    USE="nls -multislot -multitarget -test -vanilla"
  sys-devel/gcc-3.4.6-r2
    USE="hardened nls (-altivec) -bootstrap -boundschecking -build -d -doc -fortran -gcj -gtk -ip28 -ip32r10k -multilib -multislot (-n32) (-n64) -nocxx -nopie -nossp -objc -test -vanilla"
  sys-process/runit-1.7.2
    USE="-static"

-- 
			WBR, Alex.