[
https://issues.apache.org/jira/browse/GUACAMOLE-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17557409#comment-17557409
]
Nick Couchman commented on GUACAMOLE-1625:
------------------------------------------
I think this is a result of the fact that guacd uses fork/vfork to create the
child process, and all of the memory and file descriptors are copied.
I'm not sure there's a practical way to resolve this, aside from trying to
close out FDs after forking the child process, which seems like it may be
hard/expensive to determine which ones are safe to close and which need to
remain open?
It looks like there may be a possibility of opening the file descriptors with
the O_CLOEXEC flag, but I don't know what the implications of this are and if
there are any side effects that will impact how Guacamole functions.
https://unix.stackexchange.com/questions/91058/file-descriptor-and-fork
https://stackoverflow.com/questions/5713242/prevent-file-descriptors-inheritance-during-linux-fork
http://tzimmermann.org/2017/08/17/file-descriptors-during-fork-and-exec/
> Child processes inherit useless fd from parent processes
> --------------------------------------------------------
>
> Key: GUACAMOLE-1625
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1625
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd
> Affects Versions: 1.4.0
> Reporter: luo
> Priority: Minor
>
> For example, if we open three ssh connections in a row, the subprocesses will
> have more and more fd, which is actually not necessary
> Most fd's come from the socketpair() of the parent process
>
> {code:java}
> # ps aux | grep guacd
> root 6453 0.0 0.3 522844 14756 pts/0 Sl+ 19:24 0:00 guacd -f
> -Ldebug
> root 6457 0.2 0.9 628436 37176 pts/0 Sl 19:24 0:00 guacd -f
> -Ldebug
> root 6512 1.8 0.9 483508 38644 pts/0 Sl 19:31 0:00 guacd -f
> -Ldebug
> root 6605 0.0 0.0 21540 1084 pts/2 S+ 19:31 0:00 grep
> --color=auto guacd
> # cd /proc/6512/fd
> # ls
> 0 1 10 11 12 13 14 2 3 4 5 6 7 8 9
> # ps aux | grep guacd
> root 6453 0.0 0.3 678504 14756 pts/0 Sl+ 19:24 0:00 guacd -f
> -Ldebug
> root 6457 0.1 0.9 628436 37176 pts/0 Sl 19:24 0:00 guacd -f
> -Ldebug
> root 6512 0.2 0.9 483508 38752 pts/0 Sl 19:31 0:00 guacd -f
> -Ldebug
> root 6620 5.0 0.9 679600 38748 pts/0 Sl 19:31 0:00 guacd -f
> -Ldebug
> root 6713 0.0 0.0 21540 1104 pts/2 S+ 19:31 0:00 grep
> --color=auto guacd
> # cd /proc/6620/fd
> # ls
> 0 1 10 11 12 13 14 15 16 17 2 3 4 5 6 7 8 9
> # ps aux | grep guacd
> root 6453 0.0 0.3 703092 14756 pts/0 Sl+ 19:24 0:00 guacd -f
> -Ldebug
> root 6457 0.1 0.9 628436 37176 pts/0 Sl 19:24 0:00 guacd -f
> -Ldebug
> root 6512 0.1 0.9 483508 38752 pts/0 Sl 19:31 0:00 guacd -f
> -Ldebug
> root 6620 0.3 0.9 679600 38748 pts/0 Sl 19:31 0:00 guacd -f
> -Ldebug
> root 6720 1.2 0.9 761528 38804 pts/0 Sl 19:31 0:00 guacd -f
> -Ldebug
> root 6813 0.0 0.0 21540 1148 pts/2 S+ 19:31 0:00 grep
> --color=auto guacd
> # cd /proc/6720/fd
> # ls
> 0 1 10 11 12 13 14 15 16 17 18 19 2 20 3 4 5 6 7 8 9
> {code}
> This may cause libvncserver to fail using select() if the useless fd is
> larger than FD_SETSIZE
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
