- Type: Bug
- Resolution: Won't Do
- Priority: Major - P3
- None
- Affects Version/s: 4.0.20, 4.2.9
- Component/s: Internal Code
- None
- ALL
- Security 2020-11-16
We have many mongos (v4.0.20) instances running in a pod in Kubernetes, and there are a lot of such pods on every node.
Occasionally we got a strange error:
2020-10-19T07:37:08.257+0000 E - [TaskExecutorPool-0] cannot open /dev/urandom Operation not permitted
2020-10-19T07:37:08.257+0000 F - [TaskExecutorPool-0] Fatal Assertion 28839 at src/mongo/platform/random.cpp 161
2020-10-19T07:37:08.280+0000 F - [TaskExecutorPool-0] Got signal: 6 (Aborted).
(Sometimes it is [conn-nnn] instead of [TaskExecutorPool-0])
It looks like there is some kernel bug or limitation concerning too many openings of /dev/urandom (probably in conjunction with the lxc environment).
It looks like the patch for https://jira.mongodb.org/browse/SERVER-43641 fixes it by opening /dev/urandom just once in a process (although that was not the main intention of the patch):
https://github.com/mongodb/mongo/commit/e1f433d2c47f623ceb5d1d1aee7605fefb71b846#diff-e00f3865e22fbd4dfd1c2e65cbac4e9e53e5e008e79260a1b6a333c67de64f36L154-R184
Could you backport this patch to 4.0.x and 4.2.x, please? Or just do a similar thing: open /dev/urandom once per process.
- backports
  - SERVER-43641 platform/random.h causing bugs, upgrade overdue (Closed)
- duplicates
  - SERVER-25659 InputStreamSecureRandom should open the urandom device file descriptor once at the start (Closed)
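
The "open /dev/urandom once per process" approach requested in the description, as an added C++ example; it is not MongoDB's code or the SERVER-43641 patch, and the names urandom_fd and fill_random are hypothetical. It reports failure to the caller instead of aborting, and retries on EINTR and short reads.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <fcntl.h>
#include <unistd.h>

// Hypothetical helper (not MongoDB code): opens /dev/urandom exactly once per
// process and keeps the descriptor open for the lifetime of the process.
int urandom_fd() {
    // Function-local static: initialised once, thread-safe since C++11.
    static const int fd = [] {
        int f;
        do {
            // O_CLOEXEC keeps the descriptor from leaking into exec'd children.
            f = ::open("/dev/urandom", O_RDONLY | O_CLOEXEC);
        } while (f < 0 && errno == EINTR);
        return f;  // -1 if the open failed; callers must check
    }();
    return fd;
}

// Fill buf with n random bytes read from the shared descriptor.
// Returns false on failure so the caller decides how to react.
bool fill_random(void* buf, std::size_t n) {
    const int fd = urandom_fd();
    if (fd < 0) return false;
    auto* p = static_cast<std::uint8_t*>(buf);
    while (n > 0) {
        ssize_t r = ::read(fd, p, n);
        if (r < 0) {
            if (errno == EINTR) continue;  // interrupted by a signal: retry
            return false;
        }
        if (r == 0) return false;  // unexpected EOF on the device
        p += r;                    // short read: continue with the remainder
        n -= static_cast<std::size_t>(r);
    }
    return true;
}

int main() {
    std::uint64_t a = 0, b = 0;
    // Both calls reuse the same descriptor; no second open() is issued.
    bool ok = fill_random(&a, sizeof a) && fill_random(&b, sizeof b);
    return ok ? 0 : 1;
}
```

Because the descriptor is opened once, a later transient failure of open() (such as the "Operation not permitted" in the log above) cannot affect callers that arrive after the first successful open.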