The issue has been mostly resolved, thanks to Harris support. The following describes the problem and the solution, with one exception: the sysctl fs.protected regular=0 does not survive a reboot. I am told it will be fixed on the next release. -------------- A new release of systemd – version 241 – is now available for several linux versions. This new systemd version includes by default an extra protection level which allows only 1 user per machine to run IDL. Please see at this link the list of rpm systemd-241 packages already available, which lets us thinking that this problem will become more frequent in the next time: https://rpmfind.net/linux/rpm2html/search.php?query=systemd Here the details coming from a customer experiencing this issue: After upgrading some of our Linux machines to kernel 4.19+ and systemd-241+, only 1 user (per machine) is able to obtain license to run idl (tried on Linux amd64 with IDL 8.7.0, 8.7.2) It appears the root cause is new extra protection of FIFO/regular files implemented in Linux 4.19+ which is enabled by default in systemd-241+ : sysctl fs.protected_regular=1 More info : https://www.phoronix.com/scan.php?page=news_item&px=Systemd-241-Linux-419-Sysctl With the above setup, the first user (user11) running idl creates a fne.XXXX file under /tmp directory which usually has sticky bit on : ls -al /tmp drwxrwxrwt 27 root root 860 Mar 21 15:07 . drwxr-xr-x 25 root root 301 Mar 14 10:49 .. -rwxrwxrwx 1 user11 grp11 0 Mar 21 14:16 /tmp/fne.erkueytuierytierutyertiuertyeriuteyriuteryituyer Then, second user gets the message: (null): [1,7e1,8,0[74100008,1,1202014d]] Internal. : Internal. (code : 1947205640) (cll_internal.cpp : 498) (code : 1947205640) (CLLFloatingLicenseThread.cpp : 473) CLLFloatingLicenseInitialize failed to start the license thread. Unable to obtain an IDL license. strace shows that the openat(O_CREAT) syscall fails : 1578 stat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=880, ...}) = 0 1578 openat(AT_FDCWD, "/tmp/fne.erkueytuierytierutyertiuertyeriuteyriuteryituyer", O_WRONLY|O_CREAT, 0777) = -1 EACCES (Permission denied) 1578 futex(0x7fd6798101a0, FUTEX_WAKE_PRIVATE, 2147483647) = 0 1578 munmap(0x7fd678288000, 12925792) = 0 1578 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2696, ...}) = 0 1578 write(2, "(null): [1,7e1,8,0[74100008,1,1202014d]] Internal. : Internal. (code : 1947205640) (cll_internal.cpp : 498) (code : 1947205640) (CLLFloatingLicenseThread.cpp : 473)", 164) = 164 1578 write(2, "\n", 1) = 1 1578 write(2, "CLLFloatingLicenseInitialize", 28) = 28 1578 write(2, " failed to start the license thread.", 36) = 36 When I disable extra protection with: sysctl fs.protected_regular=0 then second user can run idl.
|