-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker container does not exit when clamd exits #45
Comments
+1 on this. We've lost the clamd-process a couple of times while reloading the database due to out of memory, resulting in the kernel killing it, but seemingly leaving the container running, resulting in "broken pipe" errors on clients trying to connect, and the log simply showing:
This results in downtime and needing manual intervention to fix. We're using the clamav-debian image on a ppc64le-based architecture |
I had the same issue Cisco-Talos/clamav#1282, then I did increase from 2 GiB to 4 GiB of RAM. |
Hi,
after switching to clamav 1.3, we have seen "disappearing" clamds -- for a reason yet to be researched. However, we are having a hard time trouble-shooting that issue, as a dying clamav does not result in an instant exit of the container. The container will just become unhealthy.
The container will start up to three "daemons" (freshclam, clamd, milter), and it obviously not a trivial question which of them is central, and which ones are not. Not using milter, I regard a running clamav container with a working clamd as "valid" even if the freshclam process has gone away.
Due to this, I'd prefer something along these lines (yep, this patch misses the case that no daemons are executed at all):
(Unfortunately, the "wait -n" bashism in busybox and thus in alpine seems to be broken to me; otherwise, collecting the (up to) three pids and "wait -n" for all of them would probably be fine. I have created an issue in the busybox bugtracker, but it probably will take some time until a possible fix hits the alpine image).
I'd be happy to provide a pull request on request. In that case: Should the wait statement in the debian edition wait for all three pids? Or should alpine and debian versions of the script be as close as possible? For a possible "no daemon situation", I'd suggest to use "sleep infinity" instead of the crude "tail" call?
The text was updated successfully, but these errors were encountered: