problem with chpst and memory locking

problem with chpst and memory locking

[Vincent Danen]

[-- Attachment #1: Type: text/plain, Size: 3629 bytes --]

I've got a problem that I think I may have encountered before a few
years back, but don't recall what the underlying cause was.

I'm using uschedule, and of course it uses chpst to run the logging
service under the user.  The log/run script looks like this:

#! /bin/sh
exec 2>&1
cd '/home/vdanen/.uschedule/log' || exit 1
exec \
/sbin/chpst -m 800000 -o 400 -p 40 \
chpst -u vdanen \
./run


and the /home/vdanen/.uschedule/log/run script looks like:

#! /bin/sh
exec \
/sbin/chpst -m 500000 -o 200 -p 20 \
/sbin/svlogd -tt \
./

It's a little ugly, yes, but uschedule was written for djb's stuff so I
ported it and left as much "intact" as possible.

Anyways, if I try to run uschedule like this, I get:

[root@artemis log]# ./run
Killed

If I ommit the -m call to set the memory limits, it works fine.
Thinking maybe it was trying to exceed what it could get (via ulimit
settings), I tried this:

[root@artemis log]# chpst -m 100000 -u vdanen /bin/sh
Killed
[root@artemis log]# chpst -u vdanen /bin/sh
sh: /root/.bashrc: Permission denied
[vdanen@artemis log]$ ulimit -a
core file size          (blocks, -c) 1000000
data seg size           (kbytes, -d) 12288
scheduling priority             (-e) 20
file size               (blocks, -f) unlimited
pending signals                 (-i) 16375
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 256
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 100
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

That memory setting should be well under the established limits.  An
strace shows me:

[root@artemis log]# strace chpst -m 100000 -u vdanen /bin/sh
execve("/sbin/chpst", ["chpst", "-m", "100000", "-u", "vdanen", "/bin/sh"], [/* 41 vars */]) = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\216\266\246\243\vp\245\242", 8) = 8
close(3)                                = 0
open("/etc/passwd", O_RDONLY)           = 3
lseek(3, 0, SEEK_END)                   = 1486
mmap(NULL, 1486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b5440b0a000
close(3)                                = 0
munmap(0x2b5440b0a000, 1486)            = 0
setgroups(1, [1001])                    = 0
setgid(1001)                            = 0
setuid(1001)                            = 0
getrlimit(RLIMIT_DATA, {rlim_cur=12288*1024, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_DATA, {rlim_cur=100000, rlim_max=RLIM_INFINITY}) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_STACK, {rlim_cur=100000, rlim_max=RLIM_INFINITY}) = 0
getrlimit(RLIMIT_MEMLOCK, {rlim_cur=32*1024, rlim_max=32*1024}) = 0
setrlimit(RLIMIT_MEMLOCK, {rlim_cur=32*1024, rlim_max=32*1024}) = 0
getrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_AS, {rlim_cur=100000, rlim_max=RLIM_INFINITY}) = 0
execve("/bin/sh", ["/bin/sh"], [/* 41 vars */]) = -1 ENOMEM (Cannot allocate memory)
+++ killed by SIGKILL +++


Does anyone know why this is happening?  If I'm recalling correctly, I
think dietlibc or a change in dietlibc was the culprit before, but I
can't remember.

Removing the memory restrictions to the chpst calls works well enough,
but it would be nice to be able to use them since they are there.

-- 
Vincent Danen @ http://linsec.ca/

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

Re: problem with chpst and memory locking

[Vincent Danen]

[-- Attachment #1: Type: text/plain, Size: 2130 bytes --]

* Vincent Danen <vdanen@linsec.ca> [2007-12-21 18:58:48 -0700]:

[...]
> That memory setting should be well under the established limits.  An
> strace shows me:
>
> [root@artemis log]# strace chpst -m 100000 -u vdanen /bin/sh
> execve("/sbin/chpst", ["chpst", "-m", "100000", "-u", "vdanen", "/bin/sh"], [/* 41 vars */]) = 0
> open("/dev/urandom", O_RDONLY)          = 3
> read(3, "\216\266\246\243\vp\245\242", 8) = 8
> close(3)                                = 0
> open("/etc/passwd", O_RDONLY)           = 3
> lseek(3, 0, SEEK_END)                   = 1486
> mmap(NULL, 1486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b5440b0a000
> close(3)                                = 0
> munmap(0x2b5440b0a000, 1486)            = 0
> setgroups(1, [1001])                    = 0
> setgid(1001)                            = 0
> setuid(1001)                            = 0
> getrlimit(RLIMIT_DATA, {rlim_cur=12288*1024, rlim_max=RLIM_INFINITY}) = 0
> setrlimit(RLIMIT_DATA, {rlim_cur=100000, rlim_max=RLIM_INFINITY}) = 0
> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
> setrlimit(RLIMIT_STACK, {rlim_cur=100000, rlim_max=RLIM_INFINITY}) = 0
> getrlimit(RLIMIT_MEMLOCK, {rlim_cur=32*1024, rlim_max=32*1024}) = 0
> setrlimit(RLIMIT_MEMLOCK, {rlim_cur=32*1024, rlim_max=32*1024}) = 0
> getrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
> setrlimit(RLIMIT_AS, {rlim_cur=100000, rlim_max=RLIM_INFINITY}) = 0
> execve("/bin/sh", ["/bin/sh"], [/* 41 vars */]) = -1 ENOMEM (Cannot allocate memory)
> +++ killed by SIGKILL +++
>
>
> Does anyone know why this is happening?  If I'm recalling correctly, I
> think dietlibc or a change in dietlibc was the culprit before, but I
> can't remember.
>
> Removing the memory restrictions to the chpst calls works well enough,
> but it would be nice to be able to use them since they are there.

/me feels stupid

The problem is bash has been updated and apparently requires more
memory.  Time to replace those scripts with execline-based ones I think.

Sorry for the noise.

-- 
Vincent Danen @ http://linsec.ca/

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]