[Pkg-aide-maintainers] Bug#841006: please use dotlockfile -r 0 in aide.wrapper

Marc Haber mh+debian-packages at zugschlus.de
Sun Oct 16 20:02:19 UTC 2016


Package: aide-common
Version: 0.16-1
Severity: wishlist

Hi,

please consider using dotlockfile -p -r 0 -l $LOCKFILE in the wrapper.
The current setting will retry to obtain the lock, which is probably
not intended behavior if a manual aide run prevents the cron-job from
running.

I have lost my aide database in the following situation:

- I boot up a VM that was not running during cron.daily time
- I upgrade the kernel
- I reboot before anacron starts cron.daily
- After the reboot, I invoke aide.wrapper --update to refresh the
  database
- During this operation, anacron starts cron.daily, aide's cron job
  cannot obtain the lock because the manually started aide cron job
  holds it. The cron.daily wrapper waits.
- The manual aide run ends, the cron.daily aide run obtains the lock
  and begins running. In this process, aide.db.new is truncated to zero
  size.
- I review the log from the manual aide run, find it ok, and copy the
  (zero length) aide.db.new to aide.db.

=> boom, database lost.

I think it is the lesser evil to not have the cron job wait for the
aide lock and have it bomb out immediately.

Greetings
Marc
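
The sequence reported above, replayed on constructed files. This is an added example, not code from the original message or from aide.wrapper. The function names are hypothetical, the noclobber lock is a portable stand-in for "dotlockfile -p -r 0 -l $LOCKFILE", and the zero-length check before copying aide.db.new goes one step beyond what the report asks for.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from aide.wrapper.

# Fail-fast lock: succeed only if the lock file does not exist yet.
# 'set -C' (noclobber) turns the redirection into an exclusive create, so a
# second caller returns non-zero at once instead of queueing behind the holder.
# Assumption: stands in for "dotlockfile -p -r 0 -l $LOCKFILE" from the report.
try_lock() {
    ( set -C; echo "$$" > "$1" ) 2>/dev/null
}

release_lock() {
    rm -f "$1"
}

# Promote a freshly written database only if it exists and is non-empty.
# Copy to a temp name next to the target, then rename, so the live database
# is never left half-written.
promote_db() {
    new=$1 cur=$2
    if [ ! -s "$new" ]; then
        echo "refusing to install '$new': missing or zero length" >&2
        return 1
    fi
    tmp="$cur.tmp.$$"
    cp -- "$new" "$tmp" && mv -- "$tmp" "$cur"
}

# Replay of the reported sequence on constructed files in a scratch directory.
# Returns 0 only if every guard behaved as intended.
replay_incident() {
    d=$(mktemp -d) || return 1
    lock=$d/aide.lock
    printf 'constructed baseline\n' > "$d/aide.db"
    try_lock "$lock" || return 1            # manual --update run takes the lock
    try_lock "$lock" && return 1            # cron.daily run must fail at once
    printf 'constructed update\n' > "$d/aide.db.new"
    release_lock "$lock"                    # manual run ends
    : > "$d/aide.db.new"                    # a later run truncates aide.db.new
    promote_db "$d/aide.db.new" "$d/aide.db" 2>/dev/null && return 1
    [ "$(cat "$d/aide.db")" = "constructed baseline" ] || return 1
    printf 'constructed update\n' > "$d/aide.db.new"
    promote_db "$d/aide.db.new" "$d/aide.db" || return 1
    [ "$(cat "$d/aide.db")" = "constructed update" ] || return 1
    rm -rf "$d"
}
```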


