Skip to content

fix: avoid unused fsnotify watchers in file cat mode#4484

Open
immanuwell wants to merge 1 commit into
crowdsecurity:masterfrom
immanuwell:fix/file-cat-fsnotify-leak
Open

fix: avoid unused fsnotify watchers in file cat mode#4484
immanuwell wants to merge 1 commit into
crowdsecurity:masterfrom
immanuwell:fix/file-cat-fsnotify-leak

Conversation

@immanuwell
Copy link
Copy Markdown

@immanuwell immanuwell commented May 23, 2026
edited
Loading

Summary

mode: cat was still creating an fsnotify watcher, even though oneshot reads dont use it.
On boxes that are already close to fs.inotify.max_user_instances, that can fail early with:

could not create fsnotify watcher: couldn't initialize inotify: too many open files

This keeps watcher creation in tail mode only, and closes it if tail config bails early. small fix, real footgun.

Repro

  1. Run on a host that's close to the inotify instance ceiling. Linux exposes it in /proc/sys/fs/inotify/max_user_instances.
  2. Call the file datasource configure path with mode: cat.
  3. Before this patch it can fail before reading anything, just because it grabs an inotify instance for no reason.
  4. After this patch, cat mode does not touch inotify, so the same path keeps working.

Checks

  • go test ./pkg/acquisition/modules/file -run 'TestConfigure|TestOneShot' -count=1

related-ish: #2605 #4074

/kind fix

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2026

@immanuwell: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.

  • /kind feature
  • /kind enhancement
  • /kind refactoring
  • /kind fix
  • /kind chore
  • /kind dependencies
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2026

@immanuwell: There are no area labels on this PR. You can add as many areas as you see fit.

  • /area agent
  • /area local-api
  • /area cscli
  • /area appsec
  • /area security
  • /area configuration
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@immanuwell
Copy link
Copy Markdown
Author

immanuwell commented May 23, 2026

/area configuration

@immanuwell
Copy link
Copy Markdown
Author

immanuwell commented May 23, 2026

/kind fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/configuration kind/fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@immanuwell