[Haskell-cafe] ghc_ticker not checking return code?
Jon Fairbairn
jon.fairbairn at cl.cam.ac.uk
Sun Jun 17 09:27:56 UTC 2018
I’ve just been rebuilding something I wrote ages ago, using
stack with lts-11.6 (so that I can use a recent Conduit).

Part (not a part I was modifying) of the code runs as a CGI
script, and I was horrified to find that when run by httpd it
soaked up CPU like nobody’s business without producing any
output. Running it at the command line worked fine, so I traced
the problem via audit:

type=AVC msg=audit(1529223103.790:1705516): avc: denied { read } for pid=36764 comm="ghc_ticker" path="[timerfd]" dev=anon_inodefs ino=4597 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
type=AVC msg=audit(1529223103.790:1705517): avc: denied { read } for pid=36764 comm="ghc_ticker" path="[timerfd]" dev=anon_inodefs ino=4597 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file

The solution is to add an audit rule to allow that, but surely
ghc_ticker shouldn’t be trying again so fast when whatever it is
trying to do isn’t permitted?

I don’t know what component ghc_ticker belongs to, so where
should I report the problem?
--
Jón Fairbairn Jon.Fairbairn at cl.cam.ac.uk
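
Added example, not part of the original message: a small Python parser for the two AVC records quoted above. It derives the SELinux allow rule those denials correspond to and flags identical denials that share one audit timestamp, which is consistent with the fast retry the message describes. The function names parse_avc and summarise are hypothetical.

```python
import re
from collections import Counter

# The two AVC records quoted in the message above, copied verbatim.
SAMPLE = """\
type=AVC msg=audit(1529223103.790:1705516): avc: denied { read } for pid=36764 comm="ghc_ticker" path="[timerfd]" dev=anon_inodefs ino=4597 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
type=AVC msg=audit(1529223103.790:1705517): avc: denied { read } for pid=36764 comm="ghc_ticker" path="[timerfd]" dev=anon_inodefs ino=4597 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)')

def parse_avc(line):
    """Return one AVC denial as a dict, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "serial": int(m["serial"]), "perms": m["perms"].split()}
    # Remaining fields are key=value pairs; values may be double-quoted.
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m["fields"]):
        rec[key] = val.strip('"')
    # An SELinux context is user:role:type:level; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarise(text):
    """Return (allow rules, repeated denials keyed by timestamp/pid/comm/path)."""
    recs = [r for r in map(parse_avc, text.splitlines()) if r]
    rules = sorted({
        f"allow {r['stype']} {r['ttype']}:{r['tclass']} {{ {' '.join(r['perms'])} }};"
        for r in recs})
    # The same denial logged more than once under one timestamp suggests
    # the caller retried immediately instead of backing off or giving up.
    per_ts = Counter((r["ts"], r["pid"], r["comm"], r["path"]) for r in recs)
    bursts = {k: n for k, n in per_ts.items() if n > 1}
    return rules, bursts

if __name__ == "__main__":
    rules, bursts = summarise(SAMPLE)
    print("\n".join(rules))
    for (ts, pid, comm, path), n in bursts.items():
        print(f"{n} identical denials at {ts}: pid={pid} comm={comm} path={path}")
```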