Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

running fapolicyd in ubuntu gets slow until it freezes the system #305

Open
cduelo opened this issue May 28, 2024 · 1 comment
Open

running fapolicyd in ubuntu gets slow until it freezes the system #305

cduelo opened this issue May 28, 2024 · 1 comment

Comments

@cduelo
Copy link

cduelo commented May 28, 2024
edited
Loading

I have built fapolicyd for Ubuntu 20.04 with the debian definition found here.

I build the debian package in a lxd container. Host 22.04 and container 20.04. I am not sure if this could affect.

I think that fapolicyd is getting slow until it completely freezes and freezing the whole system.

I would like to debug to find the problem, can you give me hand or a recommendation?

I am running in a KVM an ubuntu 20.04 with the following kernel:

uname -a
Linux fapolicy 5.15.0-107-generic #117~20.04.1-Ubuntu SMP Tue Apr 30 10:35:57 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

I always run in fapolicyd --permissive --debug

All the logs are normal, there are no errors.

I run watch -n 60 fapolicyd-cli --chec-status to check if there is something with Inter-thread max queue depth but it is always in close to zero.

This is the configuration:

permissive = 1
nice_val = 14
q_size = 800
uid = fapolicyd
gid = fapolicyd
do_stat_report = 1
detailed_report = 1
db_max_size = 50
subj_cache_size = 1549
obj_cache_size = 8191
watch_fs = ext2,ext3,ext4,tmpfs,xfs,vfat,iso9660,btrfs
trust = file
integrity = none
syslog_format = rule,dec,perm,auid,pid,exe,:,path,ftype,trust
rpm_sha256_only = 0
allow_filesystem_mark = 0
report_interval = 30

My rules

allow perm=execute all : trust=1
allow perm=any all : ftype=text/x-shellscript
deny_syslog perm=execute all : all

I not sure if the rules are affecting since I always run in permissive mode.

Do you have any ideas, what I could be doing wrong ?
@stevegrubb
Copy link
Member

The max queue depth issue was found last week and is fixed by commit 59e2f10. What that means is that it's only accurate when the program ends. If you are in permissive mode, fapolicyd should not cause the system to freeze since it's not depending on any access decision.

If you can run the code currently in git, that might be better for debugging. Just clone the repo, do the build, and run it where it is. You do not need to install it. Another idea might be to run it with valgrind or address sanitizer. Maybe the debian package code is leaking memory?

@jw3 jw3 mentioned this issue Nov 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cduelo @stevegrubb