Bug#896790: apt on jessie (pre-1.1) closes millions of files on ExecFork (makes Docker slow)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: wjdoekes+debian@osso.nl
Subject: Bug#896790: apt on jessie (pre-1.1) closes millions of files on ExecFork (makes Docker slow)
From: wjdoekes@osso.nl
Date: Tue, 24 Apr 2018 11:54:07 +0200
Message-id: <[🔎] da6f1e46a8d9eb5154cf12852748e2bb@osso.nl>
Reply-to: wjdoekes@osso.nl, 896790@bugs.debian.org

Package: apt
Version: 1.0.9.8.4
Severity: important

Dear Maintainer,

I'm sorry for flagging this as 'important', but in the Docker eco-system
this bug is quite troublesome for everyone doing apt on Jessie.

The issue which is reported (and fixed) here --
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764204 --
still applies to Jessie:

  Apt ExecFork() tries to close all possible FDs instead of just the
  open ones.

  **In docker builds, this generally defaults to 1 million(!) files**

  So, you'd be looking at this (from 3 to 1024*1024), instead of doing
  apt updates/upgrades.

[pid 17831] getrlimit(RLIMIT_NOFILE, {rlim_cur=1024*1024,rlim_max=1024*1024}) = 0[pid 17831] fcntl(148924, F_SETFD, FD_CLOEXEC) = -1 EBADF (Bad filedescriptor)


  This caused a simple apt-get update/upgrade run to go from around 15
  secs on Wheezy to a whopping 200 seconds on Jessie.


Apt versions:

  Wheezy runs: apt 0.9.7.9+deb7u7 (fast, closes max. 40 FDs)
  Jessie runs: apt 1.0.9.8.4 (slow, closes max. nofile FDs)
  Stretch runs: apt 1.4.8 (fast, closes exactly open-FD-count)

Fix history:

  Old (broken after 0.9.13), November 2013:

https://github.com/Debian/apt/commit/61f954bff040809e7ab57b3adec2fe95339ffb94#diff-44ca32a60c136bb8155104e94ca99e0a


  Better (fixed in 1.0.9.10+), April 2015:

https://github.com/Debian/apt/commit/15901516326737a67f2a9af26cd7e434162de019


  Best (fixed in 1.1+), May 2015:

https://github.com/Debian/apt/commit/be4d908fb5d56f8a331bb88e878a6fb8d82a77a6



Would you be willing to patch the Jessie Apt versions with the two
latter commits? I could file a patch if you want.


(For the record: workarounds for Docker include setting the nofile limit
in daemon.json {"default-ulimits": {"nofile":"512:1024"}} or passing

--ulimit nofile=512 to 'docker build' (not available fordocker-compose).)



Cheers,
Walter Doekes
OSSO B.V.



-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: 8.9
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-116-generic (SMP w/16 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  debian-archive-keyring  2017.5~deb8u1
ii  gnupg                   1.4.18-7+deb8u3
ii  libapt-pkg4.12          1.0.9.8.4
ii  libc6                   2.19-18+deb8u10
ii  libgcc1                 1:4.9.2-10
ii  libstdc++6              4.9.2-10

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc                      <none>
pn  aptitude | synaptic | wajig  <none>
ii  dpkg-dev                     1.17.27
ii  python-apt                   0.9.3.12

-- no debconf information

Reply to:

Prev by Date: Re: Grant
Next by Date: Bug#896798: unattended-upgrades: Respect NetworkManager's metered connection property
Previous by thread: Re: Grant
Next by thread: Bug#896798: unattended-upgrades: Respect NetworkManager's metered connection property
Index(es):
- Date
- Thread