Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

minimize_access: maximum recursion depth exceeded on Ansible 2.5 #171

Closed
jeremynowell opened this issue May 3, 2018 · 8 comments · Fixed by #181
Closed

minimize_access: maximum recursion depth exceeded on Ansible 2.5 #171

jeremynowell opened this issue May 3, 2018 · 8 comments · Fixed by #181
Labels
bug

Comments

@jeremynowell
Copy link

jeremynowell commented May 3, 2018
edited by rndmh3ro
Loading

When running on ansible 2.5 I get an error in the minimize_access task when processing /usr/bin:

RuntimeError: maximum recursion depth exceeded

Traceback is too large to include all, but the first part is:
"module_stderr": "Traceback (most recent call last):
  File \"/tmp/ansible_UKp6oM/ansible_module_file.py\", line 473, in <module>
    main()
  File \"/tmp/ansible_UKp6oM/ansible_module_file.py\", line 350, in main
    changed |= recursive_set_attributes(module, to_bytes(file_args['path'], errors='surrogate_or_strict'), follow, file_args)
  File \"/tmp/ansible_UKp6oM/ansible_module_file.py\", line 169, in recursive_set_attributes
    changed |= recursive_set_attributes(module, b_fsname, follow, file_args)

With the last two lines repeated until the maximum recursion depth is exceeded.

I suspect this may be due to symbolic links, according to the Ansible file module documentation the follow parameter was changed from a default of 'no' to 'yes' in 2.5. Explicitly setting it to 'no' makes the task succeed.
@rndmh3ro rndmh3ro added the bug label May 6, 2018
@rndmh3ro
Copy link
Member

rndmh3ro commented May 6, 2018

I just tried it on CentOS7 with Ansible 2.5 and got no errors. Can you please provide, what operating system you use and what version of this role?

I suspect this may be due to symbolic links, according to the Ansible file module documentation the follow parameter was changed from a default of 'no' to 'yes' in 2.5. Explicitly setting it to 'no' makes the task succeed.

We're using recurse: yes in this task anyway, so it shouldn't matter what the defaults are.

@towo
Copy link
Contributor

towo commented May 16, 2018

Happens on an Ubuntu 17.10 target, for example, with an Arch Linux controller.

It seem to recursing repeatedly through /usr/bin:

stat("/usr/bin/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./pdb3.6", {st_mode=S_IFREG|0755, st_size=61310, ...}) = 0

Having a quick look into the directory, there's a symlink /usr/bin/X11 -> .. Removing that one allows it to run through without impediment; so care should be taken to avoid symlinks that go to the same directory.

@JeffCarpenter
Copy link

It happens on an Ubuntu 16.04 target also (same symlink).

@rndmh3ro rndmh3ro mentioned this issue May 22, 2018
Closed
@allaire
Copy link

allaire commented May 30, 2018
edited
Loading

I get this as well, related to the /usr/bin/X11 -> . problem.

Since this seem to be a default symlink in Ubuntu 16.04, I think the role should be responsible to handle this recursive case.

@allaire
Copy link

allaire commented Jul 4, 2018

@rndmh3ro Sorry to bother, but any plan for a fix? I'm available if you need a hand to test something, thanks!

@rndmh3ro
Copy link
Member

rndmh3ro commented Jul 4, 2018

You're not bothering @allaire! :)
Yes we want to fix this. However I cannot say when it will be fixed. I'll set it on the top of my to-do list for this project.

@rndmh3ro rndmh3ro mentioned this issue Jul 23, 2018
Merged
@rndmh3ro
Copy link
Member

rndmh3ro commented Aug 1, 2018

This is fixed in master now!

@rndmh3ro rndmh3ro mentioned this issue Aug 21, 2018
Closed
@allaire
Copy link

allaire commented Aug 23, 2018

@rndmh3ro Thanks Sebastian, do you know if we can expect a release on galaxy anytime soon?

Have a good day !

rndmh3ro added a commit that referenced this issue Jul 24, 2020
@rndmh3ro
Merge pull request #171 from jbronn/openbsd
5e3fec7 
OpenBSD Support
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this issue Aug 3, 2022
@rndmh3ro
Merge pull request dev-sec#171 from jbronn/openbsd
d2d9656 
OpenBSD Support
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

change minimize access method dev-sec/ansible-collection-hardening
5 participants
@JeffCarpenter @towo @allaire @rndmh3ro @jeremynowell