[Bug 2646] zombie processes when using privilege separation
bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 6 14:24:49 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2646
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #9 from Damien Miller <djm at mindrot.org> ---
(In reply to Akshay from comment #7)
I think this is a bug in your init program. We could probably tell more
clearly if you include PPID in your process lists (e.g. "ps ajf").
Here is the process list from when the session is active:
> root at 4871a0e3589e:/# ps auxf
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME
> COMMAND
> root 8 0.0 0.0 26468 3772 ? S+ 01:14 0:00
> /usr/sbin/sshd -D -r
^^ this sshd process (pid=8) is listening to the network.
> root 19 0.0 0.0 29028 4084 ? Ss 01:14 0:00 \_
> sshd: nsadmin [priv]
^^ this one (pid=19) is the privilege separation monitor process.
> nsadmin 21 0.0 0.0 29028 2668 ? S 01:14 0:00
> \_ sshd: nsadmin at pts/0
^^ this one is the low-privilege child process.
> Later, (after login then logout)...
>
> root at 4871a0e3589e:/# ps auxf
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME
> COMMAND
> root 8 0.0 0.0 26468 3772 ? S+ 01:14 0:00
> /usr/sbin/sshd -D -r
^^ the listener process is still here.
> nsadmin 21 0.0 0.0 0 0 ? Z 01:14 0:00
> [sshd] <defunct>
This process was previously a child of the monitor process on pid=19,
but its parent has already exited, so it's not around to call waitpid()
to reap it.
In this situation, init is supposed to do the reaping since pid=21 is
clearly orphaned. See https://en.wikipedia.org/wiki/Zombie_process for
a bit more detail on how this is supposed to flow.
This might be your problem:
https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/
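The reaping duty described in the comment above, as an added example that is not part of the bug report or of OpenSSH: a parent forks a "monitor" that exits without calling waitpid() on its own child, and the orphan is then collected by the process standing in for init. It assumes Linux, where prctl(PR_SET_CHILD_SUBREAPER) lets an ordinary process take the role PID 1 has in a container; the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* What an init must do: collect every child that exits, including orphans
 * it inherited. Blocks until no children remain; returns how many it reaped. */
int reap_all(pid_t *last) {
    int n = 0;
    pid_t pid;
    while ((pid = waitpid(-1, NULL, 0)) > 0) { *last = pid; n++; }
    return n;
}

/* Returns 1 if the orphaned grandchild was handed to us and reaped,
 * 0 if not, -1 on setup failure. */
int orphan_is_reaped(void) {
    int fds[2];
    pid_t monitor, orphan = -1, last = -1;
    /* Linux-specific: become the reaper for orphaned descendants, which is
     * the job PID 1 has inside a container. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) != 0 || pipe(fds) != 0)
        return -1;

    monitor = fork();
    if (monitor < 0) return -1;
    if (monitor == 0) {               /* stands in for "sshd: user [priv]" */
        pid_t child = fork();
        if (child == 0) {             /* stands in for the low-privilege child */
            close(fds[0]); close(fds[1]);
            _exit(0);                 /* nobody in this branch will wait for it */
        }
        if (write(fds[1], &child, sizeof child) != sizeof child) _exit(1);
        _exit(0);                     /* exit without waitpid() on the child */
    }
    close(fds[1]);
    if (read(fds[0], &orphan, sizeof orphan) != sizeof orphan) return -1;
    close(fds[0]);

    if (waitpid(monitor, NULL, 0) != monitor) return -1;  /* our direct child */
    /* The orphan now belongs to us; without this call it stays <defunct>. */
    return reap_all(&last) == 1 && last == orphan;
}

int main(void) {
    printf("orphan reaped by init stand-in: %d\n", orphan_is_reaped());
    return 0;
}
```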