[Pkg-clamav-devel] Bug#824042: gets into kill/restart loop

Felipe Sateler fsateler at debian.org
Thu May 12 23:47:17 BST 2016 

On 12 May 2016 at 19:43, Felipe Sateler <fsateler at debian.org> wrote:
> On 12 May 2016 at 18:55, Sebastian Andrzej Siewior
> <sebastian at breakpoint.cc> wrote:
>> On 2016-05-11 12:12:42 [-0400], Joey Hess wrote:
>>> Looks like it was being killed each time by the OOM killer. Which makes
>>> sense; clamav uses 18% of the system's 2 gb of ram and so will be the
>>> top target.
>>>
>>> I think there should be something to prevent this runaway scenario.
>>> Maybe a delay, or maybe avoid restarting repeatedly.
>>>
>>> May  8 13:58:14 kite kernel: [12577316.169029] Out of memory: Kill
>>> process 14646 (clamd) score 115 or sacrifice child
>>> May  8 13:58:14 kite kernel: [12577316.169043] Killed process 14646
>>> (clamd) total-vm:425680kB, anon-rss:264680kB, file-rss:0kB
>>> May  8 13:58:29 kite kernel: [12577330.925647] Out of memory: Kill
>>> process 14662 (clamd) score 115 or sacrifice child
>>> May  8 13:58:29 kite kernel: [12577330.925663] Killed process 14662
>>> (clamd) total-vm:425936kB, anon-rss:264684kB, file-rss:12kB
>>
>> This does not look like multiple times per seond.
>> If I 'kill -9 `pidif clamd`' then it does not come back. The service
>> file does not say to restart it:
>>
>> |systemctl show clamav-daemon.service | grep Restart
>> |Restart=no
>> |RestartUSec=100ms
>>
>> So it remains offs. However we have socket activation for clamd. So
>> assuming that you have a mailserver poking at the socket then it will
>> bring clamd back from the death.
>>
>> I have no idea how to limit / disable the restart or make it
>> configurable in this case. Maybe someone with systemfoo has an idea :)
>
> This functionality will come with systemd 230:
> https://github.com/systemd/systemd/pull/3148 , so nothing out of the
> box yet.
>
> A more involved solution (but working right now) would be to have
> OnFailure=clamav-failed.service and have clamav-failed.service stop
> the socket.

For clarification: this would stop the socket only on failure. A
simpler solution that would stop the socket always would be to have

ExecStopPost=/bin/systemctl --no-block stop clamav-daemon.socket

On the service. If clamav-daemon never exits on its own, then this
might be a better solution


-- 

Saludos,
Felipe Sateler

More information about the Pkg-systemd-maintainers mailing list