Bug 1046417

Summary: zypper ps always report deleted files, even after reboot
Product: [openSUSE] openSUSE Tumbleweed Reporter: Karsten Keil <karsten.keil>
Component: libzyppAssignee: E-mail List <zypp-maintainers>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: dbischof, maint-coord, zypp-maintainers
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: requested output

Description Karsten Keil 2017-06-28 13:34:24 UTC 
pingi3:~ # zypper ps 
The following running processes use deleted files:

PID  | PPID | UID | User    | Command | Service | Files                     
-----+------+-----+---------+---------+---------+---------------------------
1225 | 1    | 0   | root    | sssd    | sssd    | /var/lib/sss/mc/initgroups
1231 | 1    | 485 | polkitd | polkitd | polkit  | /var/lib/sss/mc/initgroups
1234 | 1225 | 0   | root    | sssd_be | sssd    | /var/lib/sss/mc/initgroups

You may wish to restart these processes.
See 'man zypper' for information about the meaning of values in the above table.

This was after a reboot.

/var/lib/sss/mc/initgroups is not owned by any package at all so zypper ps should
never report it I guess.

libzypp   16.12.0-1.1
zypper    1.13.28-1.1
Comment 1 Daniel Bischof 2017-07-18 11:38:52 UTC 
I have observed this, too. Not sure, if this is just cosmetic - both sssd and zypper appear to work properly.
I'm on Leap 42.2 with the net-ldap repo enabled, since I need an up-to-date sssd:

---
poolpc03:~ # zypper ps
The following running processes use deleted files:

PID | PPID | UID | User       | Command     | Service | Files                     
----+------+-----+------------+-------------+---------+---------------------------
887 | 1    | 499 | messagebus | dbus-daemon | dbus    | /var/lib/sss/mc/initgroups
    |      |     |            |             |         | /var/lib/sss/mc/passwd    
901 | 1    | 0   | root       | sssd        | sssd    | /var/lib/sss/mc/initgroups
902 | 901  | 0   | root       | sssd_be     | sssd    | /var/lib/sss/mc/initgroups

You may wish to restart these processes.
See 'man zypper' for information about the meaning of values in the above table.
---
poolpc03:~ # cat /etc/os-release 
NAME="openSUSE Leap"
VERSION="42.2"
ID=opensuse
ID_LIKE="suse"
VERSION_ID="42.2"
PRETTY_NAME="openSUSE Leap 42.2"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:42.2"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
---
poolpc03:~ # zypper lr
Repository priorities in effect:                                                                                                                                                  (See 'zypper lr -P' for details)
      50 (raised priority)  :  7 repositories
      60 (raised priority)  :  1 repository  
      99 (default priority) :  0 repositories

# | Alias                        | Name                         | Enabled | GPG Check | Refresh
--+------------------------------+------------------------------+---------+-----------+--------
1 | openSUSE-42.2-net-ldap       | openSUSE-42.2-net-ldap       | Yes     | (r ) Yes  | Yes    
2 | openSUSE-42.2-non-oss        | openSUSE-42.2-non-oss        | Yes     | (r ) Yes  | Yes    
3 | openSUSE-42.2-oss            | openSUSE-42.2-oss            | Yes     | (r ) Yes  | Yes    
4 | openSUSE-42.2-pm-essent      | openSUSE-42.2-pm-essent      | Yes     | (r ) Yes  | Yes    
5 | openSUSE-42.2-science        | openSUSE-42.2-science        | Yes     | (r ) Yes  | Yes    
6 | openSUSE-42.2-update-non-oss | openSUSE-42.2-update-non-oss | Yes     | (r ) Yes  | Yes    
7 | openSUSE-42.2-updates        | openSUSE-42.2-updates        | Yes     | (r ) Yes  | Yes    
8 | openSUSE-42.2-x2go           | openSUSE-42.2-x2go           | Yes     | (r ) Yes  | Yes    
---
poolpc03:~ # rpm -qa | egrep -i '(zypp|sss)' | sort
libnfsidmap-sss-1.15.2-3.3.x86_64
libnsssharedhelper0-1.0.10-10.3.x86_64
libsss_idmap0-1.15.2-3.3.x86_64
libsss_nss_idmap0-1.15.2-3.3.x86_64
libsss_simpleifp0-1.15.2-3.3.x86_64
libzypp-16.12.0-5.6.1.x86_64
python-cssselect-0.9.1-6.3.noarch
snapper-zypp-plugin-0.3.3-2.2.noarch
sssd-1.15.2-3.3.x86_64
sssd-32bit-1.13.4-5.3.1.x86_64
sssd-ad-1.15.2-3.3.x86_64
sssd-ipa-1.15.2-3.3.x86_64
sssd-krb5-1.15.2-3.3.x86_64
sssd-krb5-common-1.15.2-3.3.x86_64
sssd-ldap-1.15.2-3.3.x86_64
zypp-plugin-python-0.5-5.3.x86_64
zypper-1.13.28-5.6.1.x86_64
zypper-aptitude-1.13.28-5.6.1.noarch
zypper-log-1.13.28-5.6.1.noarch
Comment 2 Michael Andres 2017-07-18 12:30:34 UTC 
These are most probably false-positive (like all reported files which do not vanish after a restart). Can someone please provide the output of 
> lsof -n -FpcuLRftkn | grep -10 /var/lib/sss/
(while zypper is showing the above /var/lib/sss/... files). 
Then I can attach the filter.
Comment 3 Daniel Bischof 2017-07-18 12:43:03 UTC 
Created attachment 732750 [details]
requested output
Comment 4 Michael Andres 2017-07-18 16:33:50 UTC 
Thanks. Fixed with libzypp-16.15.2.
Comment 5 Swamp Workflow Management 2017-08-25 16:24:37 UTC 
SUSE-SU-2017:2264-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1009745,1036659,1038984,1043218,1045735,1046417,1047785,1048315
CVE References: CVE-2017-7435,CVE-2017-7436,CVE-2017-9269
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libzypp-16.15.3-2.3.1, yast2-pkg-bindings-devel-doc-3.2.4-2.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    libzypp-16.15.3-2.3.1, yast2-pkg-bindings-3.2.4-2.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libzypp-16.15.3-2.3.1, yast2-pkg-bindings-3.2.4-2.3.1
Comment 6 Swamp Workflow Management 2017-09-02 16:11:15 UTC 
openSUSE-SU-2017:2335-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1009745,1036659,1038984,1043218,1045735,1046417,1047785,1048315
CVE References: CVE-2017-7435,CVE-2017-7436,CVE-2017-9269
Sources used:
openSUSE Leap 42.3 (src):    libzypp-16.15.3-9.1, yast2-pkg-bindings-3.2.4-4.1, yast2-pkg-bindings-devel-doc-3.2.4-4.1
Comment 7 Swamp Workflow Management 2017-09-14 19:18:38 UTC 
SUSE-SU-2017:2470-1: An update that solves 18 vulnerabilities and has 46 fixes is now available.

Category: security (important)
Bug References: 1004995,1009745,1014471,1017420,1019637,1026825,1027079,1027688,1027908,1028281,1028723,1029523,1031756,1032706,1033236,1035062,1036659,1038132,1038444,1038984,1042392,1043218,1043333,1044095,1044107,1044175,1044840,1045384,1045735,1045987,1046268,1046417,1046659,1046853,1046858,1047008,1047236,1047240,1047310,1047379,1047785,1047964,1047965,1048315,1048483,1048605,1048679,1048715,1049344,1050396,1050484,1051626,1051643,1051644,1052030,1052759,1053409,874665,902364,938657,944903,954661,960820,963041
CVE References: CVE-2013-7459,CVE-2016-9063,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-10684,CVE-2017-10685,CVE-2017-11112,CVE-2017-11113,CVE-2017-3308,CVE-2017-3309,CVE-2017-3453,CVE-2017-3456,CVE-2017-3464,CVE-2017-7435,CVE-2017-7436,CVE-2017-8872,CVE-2017-9233,CVE-2017-9269
Sources used:
SUSE Container as a Service Platform ALL (src):    caasp-container-manifests-0.0.0+git_r155_93e40ab-2.3.3, container-feeder-0.0.0+20170901.git_r55_17ecbd3-2.3.3, sles12-mariadb-docker-image-1.1.0-2.3.10, sles12-pause-docker-image-1.1.0-2.3.11, sles12-pv-recycler-node-docker-image-1.1.0-2.3.10, sles12-salt-api-docker-image-1.1.0-2.3.9, sles12-salt-master-docker-image-1.1.0-4.3.10, sles12-salt-minion-docker-image-1.1.0-2.3.8, sles12-velum-docker-image-1.1.0-4.3.9