Bug#775458: [Pkg-clamav-devel] Bug#775112: systemd: repeatedly tries to start clamav

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Fri May 8 15:19:56 BST 2015 

Control: found 775458 219-8

Hi,

I'm CC'ing the corresponding systemd bug in the hope that some progress
can be made there.
The problem is still present in the version in experimental.

On 07.05.2015 00:41, Anders Wegge Keller wrote:
> On Wed, 6 May 2015 23:47:54 +0200
> Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> wrote:
>> On 06.05.2015 23:06, Anders Wegge Keller wrote:
>>>  I have experienced the same problem with systemd repeatedly trying to
>>> start the daemon. Every ~300 μsec for about four hours makes for 71+
>>> million lines of syslog. 
>>>
>>>  As I see the problem, systemd does not consider the clamav-daemon
>>> service as failed, when the preconditions are not met. Thus, it will
>>> repeatedly attempt to start the service unit, when the socket is used.
>>
>> I don't think that this is really the problem. The problem is that systemd
>> does not slow down trying to restart the service as it does in other
>> cases, e.g. if a service with Restart=always exits immediately.
> 
>  Actually it does, but only FSVTO. Initially, I added some explicit
> rate-limits to the .service file, which had the effect that the attempts to
> start the service only happened within those parameters. Unfortunately,
> the .socket unit still tried to, and logged the attempt, start the .service
> in a very tight loop. So in a way you are right, but that appears to be a
> bug in handling preconditions. 
> 
>>> To get around
>>> this problem, I've moved[1] ConditionPathExistsGlob from the .service
>>> unit to the .socket unit. By moving the check to the top of the chain,
>>> it appears that systemd will not go into an endless loop, trying to
>>> fullfill the requirements, that are un-fullfillable.
>  
>> I had considered something like that, but it has the bad side effect, that
>> clamav-daemon will not be started upon installation.
>> If the socket is started, clamav-daemon is started as soon as
>> clamav-freshclam has downloaded the databases.
> 
>  As I wrote in my initial comment: I have 5GB worth of syslog that was close
> to be a DOS on the server. So it's a case of pick your poison.
> 
>> So I hope that a newer version of systemd will eventually fix this problem.
> 
>  Me too, but while we wait for that, I'll keep my personal workaround in
> place.

A quick reproducer for the problem:
# cat <<EOF > /etc/systemd/system/test.socket
[Socket]
ListenStream=/run/test.ctl
EOF
# cat <<EOF > /etc/systemd/system/test.service
[Unit]
Requires=test.socket
ConditionPathExistsGlob=/tmp/nonexistent

[Service]
ExecStart=/bin/true
EOF
# systemctl daemon-reload
# systemctl start test.socket
# echo a | nc -U /run/test.ctl

The last command hangs indefinitely and systemd starts eating 100 % CPU
time of one core, while producing GBs of log messages.

Hopefully this can be fixed soon (also in jessie).

Best regards,
Andreas

More information about the Pkg-systemd-maintainers mailing list