[Date Prev][Date Next]
Re: (ITS#7364) mdb: clean up POSIX semaphores on environment close.
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7364) mdb: clean up POSIX semaphores on environment close.
- From: firstname.lastname@example.org
- Date: Thu, 23 Aug 2012 06:04:44 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> email@example.com wrote:
>> Full_Name: Chris Mikkelson
>> Version: 2.4.32
>> OS: FreeBSD
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (126.96.36.199)
>> When a back-mdb database is closed, the POSIX semaphores created when the mdb
>> database was opened are left behind. This prevents a different user from opening
>> the database.
>> For example, if you run slapd as an unprivileged user, stop slapd, and do an
>> offline slapcat as root, slapd will not start up again as that unprivileged
>> user. The only ways to recover I've found are:
> This sounds like a bug in your platform's sem_open() syscall. If you first
> started slapd as an unprivileged user, the semaphore should be owned by that
> user. Running slapcat as root should not change the semaphore owner uid, and
> the unprivileged owner should still be able to access the semaphore later.
My mistake. Your patch looks good, committed. Thanks.
> Either that, or your description of the bug scenario is incomplete. I won't
> commit your patch without a more complete understanding of the bug.
>> a) reboot the machine
>> b) restore the database from the slapcat, ensuring that slapadd runs as the
>> correct user, or
>> c) write a small program to re-generate the semaphore names an remove them.
>> The patch at:
>> Attempts to upgrade the lockfile lock to exclusive when closing the environment.
>> If that upgrade succeeds, it removes the semaphores.
>> Patch has been tested on a BSD system. WIN32 has not been tested.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/