On 12 May 2016 at 19:43, Felipe Sateler <fsate...@debian.org> wrote:
> On 12 May 2016 at 18:55, Sebastian Andrzej Siewior
> <sebast...@breakpoint.cc> wrote:
>> On 2016-05-11 12:12:42 [-0400], Joey Hess wrote:
>>> Looks like it was being killed each time by the OOM killer. Which makes
>>> sense; clamav uses 18% of the system's 2 gb of ram and so will be the
>>> top target.
>>>
>>> I think there should be something to prevent this runaway scenario.
>>> Maybe a delay, or maybe avoid restarting repeatedly.
>>>
>>> May 8 13:58:14 kite kernel: [12577316.169029] Out of memory: Kill
>>> process 14646 (clamd) score 115 or sacrifice child
>>> May 8 13:58:14 kite kernel: [12577316.169043] Killed process 14646
>>> (clamd) total-vm:425680kB, anon-rss:264680kB, file-rss:0kB
>>> May 8 13:58:29 kite kernel: [12577330.925647] Out of memory: Kill
>>> process 14662 (clamd) score 115 or sacrifice child
>>> May 8 13:58:29 kite kernel: [12577330.925663] Killed process 14662
>>> (clamd) total-vm:425936kB, anon-rss:264684kB, file-rss:12kB
>>
>> This does not look like multiple times per second.
>> If I 'kill -9 `pidof clamd`' then it does not come back. The service
>> file does not say to restart it:
>>
>> |systemctl show clamav-daemon.service | grep Restart
>> |Restart=no
>> |RestartUSec=100ms
>>
>> So it remains off. However we have socket activation for clamd. So
>> assuming that you have a mailserver poking at the socket then it will
>> bring clamd back from the death.
>>
>> I have no idea how to limit / disable the restart or make it
>> configurable in this case. Maybe someone with systemfoo has an idea :)
>
> This functionality will come with systemd 230:
> https://github.com/systemd/systemd/pull/3148 , so nothing out of the
> box yet.
>
> A more involved solution (but working right now) would be to have
> OnFailure=clamav-failed.service and have clamav-failed.service stop
> the socket.

For clarification: this would stop the socket only on failure. A
simpler solution that would stop the socket always would be to have

ExecStopPost=/bin/systemctl --no-block stop clamav-daemon.socket

on the service. If clamav-daemon never exits on its own, then this
might be a better solution.

-- 
Saludos,
Felipe Sateler
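
The two approaches from the message above, written out as systemd unit files. This is an added example, not part of the original thread or of the clamav packaging; the drop-in file names and the body of clamav-failed.service are assumptions, while the unit names and the systemctl command line are the ones quoted in the thread.

```ini
# Option A: stop the socket only when clamd fails (for example, killed by
# the OOM killer), so socket activation cannot bring it straight back.
#
# File: /etc/systemd/system/clamav-daemon.service.d/on-failure.conf
# (hypothetical drop-in name)
[Unit]
OnFailure=clamav-failed.service

# File: /etc/systemd/system/clamav-failed.service
# (unit name from the thread; contents are an assumption)
[Unit]
Description=Stop clamd socket activation after clamav-daemon.service fails

[Service]
Type=oneshot
ExecStart=/bin/systemctl --no-block stop clamav-daemon.socket

# Option B: stop the socket every time the service stops, whatever the
# reason. Use this instead of option A, not together with it.
#
# File: /etc/systemd/system/clamav-daemon.service.d/stop-socket.conf
# (hypothetical drop-in name)
[Service]
ExecStopPost=/bin/systemctl --no-block stop clamav-daemon.socket
```

Run `systemctl daemon-reload` after adding the files. Once the socket has been stopped, clamd stays down until `systemctl start clamav-daemon.socket` is run, so whatever scans mail through that socket should be checked for how it behaves while the scanner is unavailable.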