summaryrefslogtreecommitdiff
path: root/SECURITY.md
diff options
context:
space:
mode:
authorPaul Holzinger <pholzing@redhat.com>2022-07-20 12:36:02 +0200
committerMatthew Heon <matthew.heon@pm.me>2022-07-26 13:54:28 -0400
commitf6d18ed41cb4ce0fd59090d2114f728d557638db (patch)
treef69faafc9d3ae4a732986ed96a6ead9ea357d399 /SECURITY.md
parentdc1dc46006f890f02d9e61ae5ce9caf1a7a2cd60 (diff)
downloadpodman-f6d18ed41cb4ce0fd59090d2114f728d557638db.tar.gz
podman-f6d18ed41cb4ce0fd59090d2114f728d557638db.tar.bz2
podman-f6d18ed41cb4ce0fd59090d2114f728d557638db.zip
fix goroutine leaks in events and logs backend
When running a single podman logs this is not really important since we will exit when we finish reading the logs. However for the system service this is very important. Leaking goroutines will cause an increased memory and CPU ussage over time. Both the the event and log backend have goroutine leaks with both the file and journald drivers. The journald backend has the problem that journal.Wait(IndefiniteWait) will block until we get a new journald event. So when a client closes the connection the goroutine would still wait until there is a new journal entry. To fix this we just wait for a maximum of 5 seconds, after that we can check if the client connection was closed and exit correctly in this case. For the file backend we can fix this by waiting for either the log line or context cancel at the same time. Currently it would block waiting for new log lines and only check afterwards if the client closed the connection and thus hang forever if there are no new log lines. [NO NEW TESTS NEEDED] I am open to ideas how we can test memory leaks in CI. To test manually run a container like this: `podman run --log-driver $driver --name test -d alpine sh -c 'i=1; while [ "$i" -ne 1000 ]; do echo "line $i"; i=$((i + 1)); done; sleep inf'` where `$driver` can be either `journald` or `k8s-file`. Then start the podman system service and use: `curl -m 1 --output - --unix-socket $XDG_RUNTIME_DIR/podman/podman.sock -v 'http://d/containers/test/logs?follow=1&since=0&stderr=1&stdout=1' &>/dev/null` to get the logs from the API and then it closes the connection after 1 second. Now run the curl command several times and check the memory usage of the service. Fixes #14879 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'SECURITY.md')
0 files changed, 0 insertions, 0 deletions