Replace SystemSingleton
#2817
Comments
mssalvatore
added a commit
that referenced
this issue
Jan 11, 2023
The SystemSingleton uses an abstract unix socket as a "lock" to ensure only one agent at a time runs on a given machine. It seems that if a manager process is spawned after this unix socket is created, the manager process inherits this file handle, which leads to the socket never being properly closed. Spawning the manager before the socket is opened is a quick solution to this problem. A better solution (see #2817) is to use a different method than a unix socket to achieve this goal, but, baby steps for now.
mssalvatore
added a commit
that referenced
this issue
Jan 12, 2023
The SystemSingleton uses an abstract unix socket as a "lock" to ensure only one agent at a time runs on a given machine. It seems that if a manager process is spawned after this unix socket is created, the manager process inherits this file handle, which leads to the socket never being properly closed. Spawning the manager before the socket is opened is a quick solution to this problem. A better solution (see #2817) is to use a different method than a unix socket to achieve this goal, but, baby steps for now.
mssalvatore
added a commit
that referenced
this issue
Jan 12, 2023
The SystemSingleton uses an abstract unix socket as a "lock" to ensure only one agent at a time runs on a given machine. It seems that if a manager process is spawned after this unix socket is created, the manager process inherits this file handle, which leads to the socket never being properly closed. Spawning the manager before the socket is opened is a quick solution to this problem. A better solution (see #2817) is to use a different method than a unix socket to achieve this goal, but, baby steps for now.
mssalvatore
added a commit
that referenced
this issue
Jan 12, 2023
The SystemSingleton uses an abstract unix socket as a "lock" to ensure only one agent at a time runs on a given machine. It seems that if a manager process is spawned after this unix socket is created, the manager process inherits this file handle, which leads to the socket never being properly closed. Spawning the manager before the socket is opened is a quick solution to this problem. A better solution (see #2817) is to use a different method than a unix socket to achieve this goal, but, baby steps for now.
mssalvatore
added a commit
that referenced
this issue
Jan 13, 2023
The SystemSingleton uses an abstract unix socket as a "lock" to ensure only one agent at a time runs on a given machine. It seems that if a manager process is spawned after this unix socket is created, the manager process inherits this file handle, which leads to the socket never being properly closed. Spawning the manager before the socket is opened is a quick solution to this problem. A better solution (see #2817) is to use a different method than a unix socket to achieve this goal, but, baby steps for now.
cakekoa
pushed a commit
that referenced
this issue
Jan 13, 2023
The SystemSingleton uses an abstract unix socket as a "lock" to ensure only one agent at a time runs on a given machine. It seems that if a manager process is spawned after this unix socket is created, the manager process inherits this file handle, which leads to the socket never being properly closed. Spawning the manager before the socket is opened is a quick solution to this problem. A better solution (see #2817) is to use a different method than a unix socket to achieve this goal, but, baby steps for now.
8 tasks
mssalvatore
added a commit
that referenced
this issue
Mar 6, 2023
8 tasks
mssalvatore
added a commit
that referenced
this issue
Mar 7, 2023
mssalvatore
added a commit
that referenced
this issue
Mar 7, 2023
mssalvatore
added a commit
that referenced
this issue
Mar 7, 2023
mssalvatore
added a commit
that referenced
this issue
Mar 7, 2023
mssalvatore
added a commit
that referenced
this issue
Mar 7, 2023
cakekoa
pushed a commit
that referenced
this issue
Mar 8, 2023
mssalvatore
added a commit
that referenced
this issue
Mar 8, 2023
mssalvatore
added a commit
that referenced
this issue
Mar 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Refactor
Component(s) to be refactored
SystemSingletonExplanation
The Agent tries to avoid having multiple instances of itself running simultaneously on a single machine. To achieve this, it opens an abstract unix socket with a constant name. When another agent attempts to run, it will be unable to open the socket (it's already open) and the agent will exit gracefully.
Unfortunately, this constitutes a low-severity DoS vulnerability. Anyone with access to a target machine can open up an abstract socket with the name that the agent expects. This will prevent any agents from running on the machine.
To resolve this issue, the Island could enforce the rule that only one agent at a time may run on a machine. When the agent starts, it can query the Island to see if any terminate signal has been sent to the agent. The Island can determine if the agent is a duplicate and send it a terminal using the following criteria:
This solution has a very small risk of race conditions. These race conditions are likely to resolve themselves with minimal (if any) impact to the running agents. When the
SystemSingletonwas introduced, two agents running on the system would interfere with each other. Significant refactoring and redesign has taken place that could allow multiple agents to run simultaneously. Whereas before it was impossible for agents to run simultaneously, now it is simply undesirable.Tasks
Agent.registration_time(0d) @cakekoaAgent.registration_time(0d) @cakekoaAgentSignalsServiceto determine whether or not an agent is a duplicate. (0d) @cakekoaSystemSingletonand remove theSystemSingleton(0.25d) @cakekoaThe text was updated successfully, but these errors were encountered: