* Ben Hutchings <b...@decadent.org.uk> [141101 14:02]:
> On Sat, 2014-11-01 at 13:22 +0100, Christian Hofstaedtler wrote:
> > * Ben Hutchings <b...@decadent.org.uk> [141101 06:26]:
> > > On Sat, 2014-11-01 at 04:44 +0100, Christian Hofstaedtler wrote:
> > > > I've tried to debug this a bit more tonight, and after a good 4
> > > > hours there are two things I can report:
> > > >
> > > > 1. with the default ruleset, udev leaks an ethtool socket to
> > > > net.agent (and by extension to ifup, dhclient, ...)
> > >
> > > This is a bug but probably harmless. SIOCETHTOOL doesn't depend on any
> > > socket state so it is normally used with an unconnected socket of an
> > > arbitrary address family.
> >
> > While it may be harmless from a security POV, the leaked FD causes
> > the udev worker to hold on to the forked-away net.agent process.
>
> How is that?

You're obviously correct; the extra FDs are red herrings.

dash "backs up" any FDs it redirects, so it can restore them later on. bash just closes them outright in this situation (forked subshell + parent exits), causing udev's spawn_read to immediately, thereby marking the udev event as finished.

I've now looked at wheezy's udev, and the relevant functions are virtually unchanged; IMVHO the redirection/fork hack likely never worked the way it was meant to under dash.

Upstream commit 2004d23a0fcaa6e74631057a2ff75594a038d86e changed udev's default log level from LOG_ERR to LOG_INFO (although all older versions always suggested that INFO was the default -- it wasn't). That commit is part of systemd v209 and newer.

I'd suggest the following patch, as a stop gap for sysvinit users:

Index: systemd-215/debian/extra/net.agent =================================================================== --- systemd-215.orig/debian/extra/net.agent 2014-09-27 17:50:52.000000000 +0200 +++ systemd-215/debian/extra/net.agent 2014-11-02 02:33:40.970469131 +0100 @@ -1,4 +1,4 @@ -#!/bin/sh -e +#!/bin/bash -e # # run /sbin/{ifup,ifdown} with the --allow=hotplug option. # @@ -100,9 +100,12 @@ esac } -# When udev_log="debug" stdout and stderr are pipes connected to udevd. +# When udev_log="info" (default) or "debug", stdout and stderr are +# pipes connected to udevd. # They need to be closed or udevd will wait for this process which will # deadlock with udevsettle until the timeout. +# Note that this trick does not work under dash, which "backs up" any +# redirected FDs to FD 10 and higher. do_everything > /dev/null 2> /dev/null & exit 0

-- 
 ,''`.  Christian Hofstaedtler <z...@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03
  `-
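
Review bot: the `#!/bin/bash -e` line in the first hunk carries the whole fix, but nothing next to it says that bash is required for the FD handling, so a later cleanup back to `#!/bin/sh -e` would bring the hang back without any visible warning. Add a one-line comment directly under the shebang that points at the explanation above `do_everything`, since the only rationale currently sits about a hundred lines further down in the second hunk.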
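
Review bot: the comment added in the second hunk says the trick does not work under dash, yet the unchanged `do_everything > /dev/null 2> /dev/null &` line still depends on the interpreter dropping the pipes to udevd rather than on anything the script does itself. The comment should state that this is why the script now runs under bash and that it is a stop gap, so a reader does not take the redirection alone for a sufficient way to detach from udevd.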
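
The mechanism described in the message above, as an added example that is not part of the original message or of udev: a reader waiting for end-of-file on a pipe only sees it once every copy of the write end is closed, so a background job that keeps a duplicate at FD 10 or higher holds the reader up. The function name `eof_after_agent_exit`, the 300 ms wait and the one-second sleep are assumptions made for the illustration, and only stdout is modelled.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical model, not udev code. Returns 1 if the reader ("udevd")
 * sees end-of-file on its pipe within 300 ms of the agent exiting, 0 if
 * a write end is still open somewhere, -1 on setup failure.
 * keep_backup=1: the background job saves stdout at FD >= 10 before
 * redirecting (dash, per the message); 0: it just overwrites it (bash). */
int eof_after_agent_exit(int keep_backup)
{
    int p[2];
    if (pipe(p) < 0) return -1;
    pid_t agent = fork();
    if (agent < 0) return -1;
    if (agent == 0) {                       /* net.agent stand-in */
        close(p[0]);
        dup2(p[1], STDOUT_FILENO);          /* stdout is the pipe to udevd */
        close(p[1]);
        if (fork() == 0) {                  /* do_everything ... & */
            if (keep_backup)
                fcntl(STDOUT_FILENO, F_DUPFD, 10);  /* backup copy of the pipe */
            int devnull = open("/dev/null", O_WRONLY);
            dup2(devnull, STDOUT_FILENO);   /* > /dev/null replaces FD 1 */
            close(devnull);
            sleep(1);                       /* constructed long-running work */
            _exit(0);
        }
        _exit(0);                           /* exit 0 in the parent shell */
    }
    close(p[1]);
    waitpid(agent, NULL, 0);                /* the agent itself is gone here */
    struct pollfd pfd = { .fd = p[0], .events = POLLIN };
    int ready = poll(&pfd, 1, 300);         /* hang-up needs zero writers left */
    close(p[0]);
    return ready > 0 ? 1 : 0;
}

int main(void)
{
    printf("overwrite only (bash-like):   eof=%d\n", eof_after_agent_exit(0));
    printf("backup at FD>=10 (dash-like): eof=%d\n", eof_after_agent_exit(1));
    return 0;
}
```
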