Audit Plugin allows static variable change at runtime
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
| 5.5 |
Triaged
|
High
|
Unassigned | |||
| 5.6 |
Triaged
|
High
|
Unassigned | |||
| 5.7 |
Triaged
|
High
|
Unassigned | |||
Bug Description
Percona Audit Plugin has many non-dynamic variables. There are some that permit change post install.
audit_log_
mysql> show global variables like 'audit_
+------
| Variable_name | Value |
+------
| audit_log_
+------
1 row in set (0.00 sec)
mysql> select (10)*pow(1024,2);
+------
| (10)*pow(1024,2) |
+------
| 10485760 |
+------
1 row in set (0.00 sec)
mysql> set global audit_log_
Query OK, 0 rows affected (0.00 sec)
mysql> show global variables like 'audit_
+------
| Variable_name | Value |
+------
| audit_log_
+------
1 row in set (0.00 sec)
Even though the values appear to 'stick' they are not adhered to.
The following datadir was subject to a sysbench workload across the variable change yet the file did not respect the reduced ceiling;
Every 2.0s: ls -lth Fri Oct 28 12:53:54 2016
total 2.8G
-rw-rw----. 1 mysql mysql 256M Oct 28 12:53 ib_logfile0
-rw-rw----. 1 mysql mysql 76M Oct 28 12:53 ibdata1
-rw-rw----. 1 mysql mysql 161M Oct 28 12:51 audit.log
-rw-rw----. 1 mysql mysql 161M Oct 28 12:49 audit.log.001
-rw-rw----. 1 mysql mysql 161M Oct 28 12:48 audit.log.002
-rw-rw----. 1 mysql mysql 256M Oct 28 12:47 ib_logfile1
-rw-rw----. 1 mysql mysql 161M Oct 28 12:42 audit.log.003
-rw-rw----. 1 mysql mysql 161M Oct 28 12:39 audit.log.004
-rw-rw----. 1 mysql mysql 161M Oct 28 12:35 audit.log.005
-rw-rw----. 1 mysql mysql 161M Oct 26 19:39 audit.log.006
-rw-rw----. 1 mysql mysql 161M Oct 26 19:34 audit.log.007
-rw-rw----. 1 mysql mysql 161M Oct 26 19:30 audit.log.008
-rw-rw----. 1 mysql mysql 161M Oct 26 19:23 audit.log.009
-rw-rw----. 1 mysql mysql 161M Oct 26 19:18 audit.log.010
-rw-rw----. 1 mysql mysql 161M Oct 26 19:15 audit.log.011
This is just an example of where variables that should be static and error out when attempt to change is made.
The variables used for this instance upon plugin install is;
[ec2-user@
audit_log_file = audit.log
audit_log_format = JSON
audit_log_handler = FILE
audit_log_policy = ALL
audit_log_
audit_log_rotations = 10
audit_log_strategy = PERFORMANCE
Further more it's observed that the dentry cache inflates once a dynamic change is (apparently) made. I observed this again on this instance but the I did not experience OOM.
[ec2-user@
Linux ip-172-
[ec2-user@
OBJS ACTIVE USE OBJ SIZE SLABS OBJ/SLAB CACHE SIZE NAME
12058935 12058935 100% 0.19K 574235 21 2296940K dentry
220896 186520 84% 0.10K 5664 39 22656K buffer_head
123264 121055 98% 0.03K 963 128 3852K kmalloc-32
121890 121890 100% 0.02K 717 170 2868K fsnotify_
81408 81408 100% 0.01K 159 512 636K kmalloc-8
58432 50844 87% 0.06K 913 64 3652K kmalloc-64
52224 52224 100% 0.02K 204 256 816K kmalloc-16
19941 17549 88% 0.08K 391 51 1564K selinux_
15768 15768 100% 0.11K 438 36 1752K sysfs_dir_cache
12528 11516 91% 0.58K 464 27 7424K inode_cache
7840 7840 100% 0.57K 280 28 4480K radix_tree_node
7585 7585 100% 0.21K 205 37 1640K vm_area_struct
4200 4200 100% 0.09K 100 42 400K kmalloc-96
3392 2629 77% 0.06K 53 64 212K anon_vma
3363 2038 60% 1.06K 113 30 3616K xfs_inode
3192 3192 100% 0.07K 57 56 228K Acpi-ParseExt
I suggest that behaviour is altered to raise an error when static variables are issued a runtime change as other variables in the server do.
| tags: | added: audit |
| Changed in percona-server: | |
| status: | New → Confirmed |
| Shahriyar Rzayev (rzayev-sehriyar) wrote | #1 |
Percona now uses JIRA for bug reports so this bug report is migrated to: https:/