dansguardian segfault for both stable (net-proxy/dansguardian-2.10.0.3) and unstable (net-proxy/dansguardian-2.10.1.1) versions Proxy works very slow and do not open some sites (https). The service restart helps for a short time. Message in /var/log/message: proxy klogd: dansguardian[17369]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Some log fragments ("segfault at 410" and "error 4") are permanent. Reproducible: Always Steps to Reproduce: Always in short time after the service restart: Actual Results: Feb 3 09:49:11 proxy dansguardian[17186]: Started sucessfully. Feb 3 09:51:00 proxy klogd: dansguardian[17326]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Feb 3 09:58:11 proxy klogd: dansguardian[17269]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Feb 3 10:10:58 proxy klogd: dansguardian[17302]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Feb 3 10:11:50 proxy klogd: dansguardian[17268]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Feb 3 10:12:40 proxy klogd: dansguardian[17328]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Feb 3 10:14:23 proxy klogd: dansguardian[17214]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Feb 3 10:14:23 proxy klogd: dansguardian[17361]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] Feb 3 10:14:32 proxy klogd: dansguardian[17261]: segfault at 410 ip 106fb14e sp 5c2748e0 error 4 in dansguardian[106f0000+a7000] I guess that it could be due to recent glibc upgrade (Google found the same problem in Debian after their upgrade). The effect is in production environment only (heavy load: about 200 dansguardian's processes, 400 users). I did not see any problems with the server when 1-2 user(s) works. emerge -pv dansguardian: net-proxy/dansguardian-2.10.1.1 USE="clamav ntlm pcre -debug -kaspersky" emerge --info: Portage 2.1.7.16 (hardened/linux/x86, gcc-4.3.4, glibc-2.10.1-r1, 2.6.29-hardenedPe4SMP2srv-vm i686) ================================================================= System uname: Linux-2.6.29-hardenedPe4SMP2srv-vm-i686-Intel-R-_Xeon-R-_CPU_E5430_@_2.66GHz-with-gentoo-1.12.13 Timestamp of tree: Wed, 03 Feb 2010 06:00:01 +0000 app-shells/bash: 4.0_p35 dev-lang/python: 2.6.4 sys-apps/baselayout: 1.12.13 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.63-r1 sys-devel/automake: 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc: 4.3.4 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo http://gentoo.osuosl.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="7zip acl berkdb chroot cracklib crypt cxx gpm hardened idn kerberos ldap lzw lzw-tiff mmx modules mudflap ncurses nptl nptlonly openmp pam pcre perl pic python readline samba session snmp sse sse2 ssl sysfs tcpd urandom userlocales x86 xinetd zlib" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LINGUAS="en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa vmware" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
I had similar problems, it was caused by GRKERNSEC_BRUTE that prevented dansguardian to spawn for limited amount of time.
Can you obtain a backtrace to confirm this? http://www.gentoo.org/proj/en/qa/backtraces.xml
(In reply to Tom Wijsman (TomWij) from comment #2) > Can you obtain a backtrace to confirm this? > > http://www.gentoo.org/proj/en/qa/backtraces.xml
