The sleep in polkit-read-auth-helper is critical in changing the behaviour
of hal-acl-tool. (Looking into the strace of hal-acl-tool, I wonder if
this is due to hal-acl-tool using real-time signals, e.g. SIGRTMIN, and
thus requiring that polkit-read-auth-helper respond quickly?) If I rename
polkit-read-auth-helper to polkit-ian and replace it with this C program:
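#include <unistd.h>
int main(int argc, char **argv) {
    /* Pass-through: replace this process with the renamed helper. */
    execv("/usr/lib/policykit/polkit-ian", argv);
    return 1; /* reached only if execv fails */
}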
nothing changes - the load average stays way up and I see the looping of
thousands of polkit-ian called by hal-acl-tool.
# lastcomm
[...]
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
hal-acl-tool S root ?? 0.13 secs Thu Apr 16 07:00
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
[...]
An inotify watch shows this repeated over and over:
# inotifywait -m -r /var/run/hald/
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
/var/run/hald/ CREATE acl-list.7AAKSU
/var/run/hald/ OPEN acl-list.7AAKSU
/var/run/hald/ MODIFY acl-list.7AAKSU
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list.7AAKSU
/var/run/hald/ MOVED_FROM acl-list.7AAKSU
/var/run/hald/ MOVED_TO acl-list
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list
/var/run/hald/ CREATE acl-list.D908RU
/var/run/hald/ OPEN acl-list.D908RU
/var/run/hald/ MODIFY acl-list.D908RU
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list.D908RU
/var/run/hald/ MOVED_FROM acl-list.D908RU
/var/run/hald/ MOVED_TO acl-list
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list
[... about 50 lines of output every 10 seconds ...]
# cat /var/run/hald/acl-list
/dev/kvm /org/freedesktop/Hal/devices/kvm u 777
/dev/scd0 /org/freedesktop/Hal/devices/storage_model_CD_ROM_DRIVE_466 u
777
/dev/scd1 /org/freedesktop/Hal/devices/storage_model_CD_RW_GCE_8525B u
777
If I insert "sleep(1);" in front of the execv in the C program, the load
average drops and hal-acl-tool starts exiting badly ("X"):
[...]
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
hal-acl-tool X root ?? 0.10 secs Thu Apr 16 07:01
polkit-ian root ?? 0.00 secs Thu Apr 16 07:01
[...]
and everything changes in the inotify watch:
# inotifywait -m -r /var/run/hald/
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list
/var/run/hald/ OPEN acl-list
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list
/var/run/hald/ OPEN acl-list
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list
/var/run/hald/ OPEN acl-list
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list
/var/run/hald/ OPEN acl-list
/var/run/hald/ CLOSE_WRITE,CLOSE acl-list
/var/run/hald/ OPEN acl-list
[... repeats every 20 seconds ...]
Changing sleep(1) to sleep(10) didn't lengthen the 20-second cycle.
I presume hal-acl-tool has some real-time response requirements that
the sleep(1) defeats, causing it to give up waiting for polkit-ian.
I ran some straces of both programs, but I think that misbehaves
due to strace not preserving the exit status of the program it calls.
Here's some of the interesting strace output:
In two straces of polkit-read-auth-helper I see it checking for PolicyKit
entries for idallen and root (neither exist):
*********************************************************************
*** excerpts from one strace of polkit-read-auth-helper:
*********************************************************************
open("/etc/group", O_RDONLY|0x80000 /* O_??? */) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
stat64("/var/run/PolicyKit/user-idallen.auths", 0xbfeab4a8) = -1 ENOENT (No
such file or directory)
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
stat64("/var/lib/PolicyKit/user-idallen.auths", 0xbfeab4a8) = -1 ENOENT (No
such file or directory)
*********************************************************************
*** excerpts from another strace of polkit-read-auth-helper:
*********************************************************************
open("/etc/group", O_RDONLY|0x80000 /* O_??? */) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
stat64("/var/run/PolicyKit/user-root.auths", 0xbfd52b48) = -1 ENOENT (No
such file or directory)
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
stat64("/var/lib/PolicyKit/user-root.auths", 0xbfd52b48) = -1 ENOENT (No
such file or directory)
*********************************************************************
*********************************************************************
The straces of hal-acl-tool were more exciting. Some executions of this
program blocked on an flock(). Those that didn't looped like crazy.
Some finished after looping for a while, some didn't.
*********************************************************************
*** excerpts from one incomplete (killed?) strace of hal-acl-tool:
*********************************************************************
futex(0xbfde1ed0, 0x81 /* FUTEX_??? */, 1) = 0
rt_sigaction(SIGRTMIN, {0xb7cee280, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb7cee680, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="idallen-oak.home.idallen.ca", ...}) = 0
fstat64(1, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfde1694) = -1 ENOTTY
(Inappropriate ioctl for device)
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fc5000
open("/var/run/hald/acl-list", O_RDWR|O_CREAT, 0644) = 3
flock(3, LOCK_EX
*********************************************************************
*** excerpts from another strace of hal-acl-tool:
*********************************************************************
[...]
futex(0xbfc64d50, 0x81 /* FUTEX_??? */, 1) = 0
rt_sigaction(SIGRTMIN, {0xb7c71280, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb7c71680, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="idallen-oak.home.idallen.ca", ...}) = 0
fstat64(1, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfc64514) = -1 ENOTTY
(Inappropriate ioctl for device)
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f48000
open("/var/run/hald/acl-list", O_RDWR|O_CREAT, 0644) = 3
flock(3, LOCK_EX) = 0
brk(0) = 0x96b9000
brk(0x96da000) = 0x96da000
socket(PF_FILE, SOCK_STREAM, 0) = 4
connect(4, {sa_family=AF_FILE, path=@/var/run/hald/dbus-Y8HN7SGUxI}, 32) = 0
fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
geteuid32() = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
poll([{fd=4, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
write(4, "\0", 1) = 1
write(4, "AUTH EXTERNAL 30\r\n", 18) = 18
poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, -1) = 1
read(4, "OK 96277e4797f9a54ffbfef5d649e2c3c9\r\n", 2048) = 37
poll([{fd=4, events=POLLOUT, revents=POLLOUT}], 1, -1) = 1
write(4, "BEGIN\r\n", 7) = 7
poll([{fd=4, events=POLLIN|POLLOUT, revents=POLLOUT}], 1, -1) = 1
[...]
read(4, 0x96bf278, 2048) = -1 EAGAIN (Resource temporarily unavailable)
open("/etc/PolicyKit/PolicyKit.conf", O_RDONLY|O_LARGEFILE) = 5
[...]
read(5, "", 4096) = 0
close(5) = 0
open("/usr/share/PolicyKit/policy",
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) = 5
fstat64(5, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
getdents64(5, /* 20 entries */, 4096) = 1088
stat64("/usr/share/PolicyKit/policy/com.ubuntu.devicedriver.policy",
{st_mode=S_IFREG|0644, st_size=2687, ...}) = 0
open("/usr/share/PolicyKit/policy/com.ubuntu.devicedriver.policy",
O_RDONLY|O_LARGEFILE) = 6
[...]
close(6) = 0
open("/var/lib/PolicyKit-public/com.ubuntu.devicedriver.info.defaults-override",
O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/var/lib/PolicyKit-public/com.ubuntu.devicedriver.check.defaults-override",
O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/var/lib/PolicyKit-public/com.ubuntu.devicedriver.update.defaults-override",
O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/var/lib/PolicyKit-public/com.ubuntu.devicedriver.install.defaults-override",
O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
stat64("/usr/share/PolicyKit/policy/com.ubuntu.systemservice.policy",
{st_mode=S_IFREG|0644, st_size=1899, ...}) = 0
open("/usr/share/PolicyKit/policy/com.ubuntu.systemservice.policy",
O_RDONLY|O_LARGEFILE) = 6
[...repeat reading lots of PolicyKit files, then it starts looping...]
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 5
fcntl64(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
_llseek(5, 0, [0], SEEK_CUR) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=2504, ...}) = 0
mmap2(NULL, 2504, PROT_READ, MAP_SHARED, 5, 0) = 0xb7f34000
_llseek(5, 2504, [2504], SEEK_SET) = 0
munmap(0xb7f34000, 2504) = 0
close(5) = 0
pipe([5, 6]) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7c6c6f8) = 11608
--- SIGCHLD (Child exited) @ 0 (0) ---
close(6) = 0
select(6, [5], [], NULL, NULL) = 1 (in [5])
read(5, "", 4095) = 0
close(5) = 0
waitpid(11608, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 11608
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 5
_llseek(5, 0, [0], SEEK_CUR) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=2504, ...}) = 0
mmap2(NULL, 2504, PROT_READ, MAP_SHARED, 5, 0) = 0xb7f34000
_llseek(5, 2504, [2504], SEEK_SET) = 0
munmap(0xb7f34000, 2504) = 0
close(5) = 0
pipe([5, 6]) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7c6c6f8) = 11609
close(6) = 0
select(6, [5], [], NULL, NULL) = 1 (in [5])
--- SIGCHLD (Child exited) @ 0 (0) ---
read(5, "", 4095) = 0
close(5) = 0
waitpid(11609, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 11609
[... repeat 508 more times opening /etc/passwd and cloning until
finally: ...]
--- SIGCHLD (Child exited) @ 0 (0) ---
read(5, "", 4095) = 0
close(5) = 0
waitpid(12124, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 12124
open("/var/run/hald/acl-list", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=199, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f34000
read(5,
"/dev/kvm\t/org/freedesktop/Hal/devices/kvm\tu\t777\n/dev/scd0\t/org/freedesktop/Hal/devices/storage_model_CD_ROM_DRIVE_466\tu\t777\n/dev/scd1\t/org/freedesktop/Hal/devices/storage_model_CD_RW_GCE_8525B\tu\t777\n",
4096) = 199
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7f34000, 4096) = 0
gettimeofday({1239877992, 5111}, NULL) = 0
open("/var/run/hald/acl-list.1N9GSU", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE,
0666) = 5
open("/usr/lib/charset.alias", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such
file or directory)
fcntl64(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat64(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f34000
_llseek(5, 0, [0], SEEK_CUR) = 0
write(5,
"/dev/kvm\t/org/freedesktop/Hal/devices/kvm\tu\t777\n/dev/scd0\t/org/freedesktop/Hal/devices/storage_model_CD_ROM_DRIVE_466\tu\t777\n/dev/scd1\t/org/freedesktop/Hal/devices/storage_model_CD_RW_GCE_8525B\tu\t777\n",
199) = 199
close(5) = 0
munmap(0xb7f34000, 4096) = 0
rename("/var/run/hald/acl-list.1N9GSU", "/var/run/hald/acl-list") = 0
flock(3, LOCK_UN) = 0
close(3) = 0
write(1, "11604: attempting to get lock on
/var/run/hald/acl-list\n\n****************************************************\n11604:
got lock on /var/run/hald/acl-list\n11604: reconfiguring all
ACL\'s\n\n****************************************************\n11604:
releasing lock on /var/run/hald/acl-list\n", 285) = 285
exit_group(0) = ?
*********************************************************************
*** excerpts from another incomplete strace of hal-acl-tool:
*********************************************************************
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 5
fcntl64(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
_llseek(5, 0, [0], SEEK_CUR) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=2504, ...}) = 0
mmap2(NULL, 2504, PROT_READ, MAP_SHARED, 5, 0) = 0xb7ef7000
_llseek(5, 2504, [2504], SEEK_SET) = 0
munmap(0xb7ef7000, 2504) = 0
close(5) = 0
pipe([5, 6]) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7c2f6f8) = 12127
--- SIGCHLD (Child exited) @ 0 (0) ---
close(6) = 0
select(6, [5], [], NULL, NULL) = 1 (in [5])
read(5, "", 4095) = 0
close(5) = 0
waitpid(12127, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 12127
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 5
_llseek(5, 0, [0], SEEK_CUR) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=2504, ...}) = 0
mmap2(NULL, 2504, PROT_READ, MAP_SHARED, 5, 0) = 0xb7ef7000
_llseek(5, 2504, [2504], SEEK_SET) = 0
munmap(0xb7ef7000, 2504) = 0
close(5) = 0
pipe([5, 6]) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7c2f6f8) = 12128
close(6) = 0
select(6, [5], [], NULL, NULL) = 1 (in [5])
--- SIGCHLD (Child exited) @ 0 (0) ---
read(5, "", 4095) = 0
close(5) = 0
waitpid(12128, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 12128
[... repeat 473 times until killed ...]
In general, the straces of hal-acl-tool showed it looping creating new
processes at a huge rate. (I presume these to be polkit-read-auth-helper.)
--
hal-acl-tool crashed with SIGSEGV in
polkit_authorization_db_is_session_authorized()
https://bugs.launchpad.net/bugs/361223
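
A pass-through wrapper of the kind used in this message can also record each invocation and return the helper's exact exit status to the caller, so the helper can be observed without changing what hal-acl-tool sees. This is an added example, not part of the original message or of the HAL/PolicyKit code; LOG_PATH and the function names are assumptions, and REAL_HELPER is the renamed helper path from the message.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* REAL_HELPER: renamed helper from the message. LOG_PATH: assumed location. */
#define REAL_HELPER "/usr/lib/policykit/polkit-ian"
#define LOG_PATH    "/var/tmp/polkit-wrapper.log"

/* Run path with argv, wait for it, and return a shell-style status:
 * the child's exit code, 128+signal if it was killed by a signal,
 * 127 if exec failed, -1 if fork or waitpid failed.
 * stdin/stdout/stderr are inherited, so helper output still reaches
 * the caller's pipe unchanged. */
int run_and_wait(const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);                 /* only reached if execv fails */
    }
    int st;
    while (waitpid(pid, &st, 0) < 0) {
        if (errno != EINTR)         /* retry if interrupted by a signal */
            return -1;
    }
    if (WIFEXITED(st))
        return WEXITSTATUS(st);
    if (WIFSIGNALED(st))
        return 128 + WTERMSIG(st);
    return -1;
}

/* Append one line per invocation: time, calling pid, argc, status. */
int log_invocation(const char *log_path, int argc, int status)
{
    FILE *f = fopen(log_path, "a");
    if (!f)
        return -1;
    fprintf(f, "%ld ppid=%d argc=%d status=%d\n",
            (long)time(NULL), (int)getppid(), argc, status);
    return fclose(f);
}

int main(int argc, char **argv)
{
    int status = run_and_wait(REAL_HELPER, argv);
    log_invocation(LOG_PATH, argc, status);
    return status < 0 ? 127 : status;
}
```

Counting lines per ppid in the log gives the number of helper invocations per hal-acl-tool process, which can be compared with the clone/waitpid loop counts in the straces.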