Bug#953860: marked as done (systemd-journald keeps open deleted mapped files - leak?)

Debian Bug Tracking System Sat, 26 Aug 2023 05:27:15 -0700

Your message dated Sat, 26 Aug 2023 14:25:35 +0200
with message-id <927d537a-a7f3-4862-b3f4-b6c85509d...@debian.org>
and subject line Re: Bug#953860: how to reproduce
has caused the Debian Bug report #953860,
regarding systemd-journald keeps open deleted mapped files - leak?
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
953860: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953860
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: systemd
Version: 245-2
Severity: normal

/var/log/journal/68f1b89bf8c73b0ed9ed905f535fa641/user-1000@802af85f15f0436cbbf371c9ef25cc3d-0000000000000000-0000000000000000.journal

On this system the above file is deleted but mapped, is this operating as
designed?  There are currently no processes of user 1000 running.  When I login
with the user who has uid 1000 it doesn't change anything, that deleted file is
still mapped.

-- Package-specific info:

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages systemd depends on:
ii  adduser          3.118
ii  libacl1          2.2.53-6
ii  libapparmor1     2.13.3-7
ii  libaudit1        1:2.8.5-2+b1
ii  libblkid1        2.34-0.1
ii  libc6            2.30-1
ii  libcap2          1:2.32-1
ii  libcrypt1        1:4.4.15-1
ii  libcryptsetup12  2:2.3.0-1
ii  libgcrypt20      1.8.5-5
ii  libgnutls30      3.6.12-2
ii  libgpg-error0    1.37-1
ii  libidn2-0        2.3.0-1
ii  libip4tc2        1.8.4-3
ii  libkmod2         27-1
ii  liblz4-1         1.9.2-2
ii  liblzma5         5.2.4-1+b1
ii  libmount1        2.34-0.1
ii  libpam0g         1.3.1-5
ii  libpcre2-8-0     10.34-7
ii  libseccomp2      2.4.2-2
ii  libselinux1      3.0-1+b1
ii  libsystemd0      245-2
ii  mount            2.34-0.1
ii  util-linux       2.34-0.1

Versions of packages systemd recommends:
ii  dbus  1.12.16-2

Versions of packages systemd suggests:
pn  policykit-1        <none>
pn  systemd-container  <none>

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.136
pn  libnss-systemd   <none>
ii  libpam-systemd   245-2
ii  udev             245-2

-- Configuration Files:
/etc/systemd/timesyncd.conf changed [not included]

-- no debconf information

--- End Message ---

--- Begin Message ---

On Wed, 11 Nov 2020 21:05:00 +0100 Michael Biebl <bi...@debian.org> wrote:

On Tue, 14 Apr 2020 11:26:57 +1000 Russell Coker <russ...@coker.com.au>
wrote:
> On Saturday, 11 April 2020 5:19:00 PM AEST Michael Biebl wrote:
> > > type=AVC msg=audit(1586512443.135:71139): avc:  granted  { unlink
} for
> > > pid=293 comm="systemd-journal"
> > > name="
user-1001@165b61313e51499ab58ffd33d611e714-0000000000000000-00000000
> > > 00000000.journal" dev="sdb2" ino=2093618
> > > scontext=system_u:system_r:syslogd_t:s0
> > > tcontext=system_u:object_r:systemd_journal_t:s0 tclass=file
> > > type=AVC msg=audit(1586565837.001:94320): avc:  granted  { unlink
} for
> > > pid=293 comm="systemd-journal"
> > > name="
user-1001@165b61313e51499ab58ffd33d611e714-0000000000000000-00000000
> > > 00000000.journal" dev="sdb2" ino=2095421
> > > scontext=system_u:system_r:syslogd_t:s0
> > > tcontext=system_u:object_r:systemd_journal_t:s0 tclass=file

> > > > Is another user/process accessing the journal file at the time the

> > delete happens?

> > Not through any deliberate user action. I'm the only user of the system and I > wasn't running any journalctl command. Does systemd do such stuff

internally?

Can you please report this upstream at
https://github.com/systemd/systemd/issues and report back with the
issue number.
I'm not really familiar with SELinux to be able to make sense of those
log messages. Upstream might.

I was never able to reproduce this issue myself and such an upstream bug report never happened, afaics. So this issue is not really actionable for us.

I'm thus tentatively closing the bug report.

Regards,
Michael

OpenPGP_signature.asc
Description: OpenPGP digital signature

--- End Message ---

Bug#953860: marked as done (systemd-journald keeps open deleted mapped files - leak?)

Reply via email to