Folks does anyone experienced orbit service causing problems osquery #fleet

Folks, does anyone experienced orbit service causi...

V Rozhniatovskyi

08/20/2025, 10:32 AM

Folks, does anyone experienced orbit service causing problems with reaching default limit for

/proc/sys/kernel/keys/maxkeys

and than all not nice things which will follow this (Fedora 42)

Copy code

$ wc -l /proc/keys
200 /proc/keys
$ sudo systemctl stop orbit.service
$ wc -l /proc/keys
8 /proc/keys

V Rozhniatovskyi

08/20/2025, 12:37 PM

Looks like started with orbit update to 1.46.0

Lucas Rodriguez

08/20/2025, 12:45 PM

Hi @V Rozhniatovskyi! Is this only happening on Fedora 42?

Lucas Rodriguez

08/20/2025, 12:46 PM

(In 1.46.0 we've released some TPM related work, but should be disabled by default.)

V Rozhniatovskyi

08/20/2025, 12:46 PM

as far as i can see yes, we don't have much of variety when it comes to linux flavours

Lucas Rodriguez

08/20/2025, 12:46 PM

First time I hear about orbit using

/proc/keys

, what do you see listed?

V Rozhniatovskyi

08/20/2025, 12:50 PM

well, i'll need to spin up my own test F42 machine, so far i just getting reports from other people who started experiencing problems in the last 24-48 hours all linked to the moment upgrading fleetd from 1.45.1 to 1.46.0

👍 1

👀 1

V Rozhniatovskyi

08/20/2025, 12:51 PM

what kind of information will help you? i can try to get it

Lucas Rodriguez

08/20/2025, 12:51 PM

Worth running

SELECT * FROM kernel_keys;

(from Fleet UI) on these devices.

Lucas Rodriguez

08/20/2025, 12:52 PM

To understand what these keys are about.

V Rozhniatovskyi

08/20/2025, 2:02 PM

so a bit more info, which might help

Copy code

while : ; do printf '%s: wc -l /proc/keys: %s\n' "$(date -u -Is)" "$(wc -l /proc/keys)"; sleep 1 ; done

2025-08-20T13:37:01+00:00: wc -l /proc/keys: 95 /proc/keys
2025-08-20T13:37:02+00:00: wc -l /proc/keys: 96 /proc/keys
...
2025-08-20T13:37:17+00:00: wc -l /proc/keys: 96 /proc/keys
2025-08-20T13:37:18+00:00: wc -l /proc/keys: 97 /proc/keys
...
2025-08-20T13:37:34+00:00: wc -l /proc/keys: 97 /proc/keys
2025-08-20T13:37:35+00:00: wc -l /proc/keys: 98 /proc/keys
...
2025-08-20T13:37:50+00:00: wc -l /proc/keys: 98 /proc/keys
2025-08-20T13:37:51+00:00: wc -l /proc/keys: 99 /proc/keys
...
2025-08-20T13:38:06+00:00: wc -l /proc/keys: 99 /proc/keys
2025-08-20T13:38:07+00:00: wc -l /proc/keys: 100 /proc/keys
...

each increment perfectly aligns with the following logs (example)

Copy code

Aug 20 13:38:06 hostname orbit[3767336]: 2025-08-20T09:38:06-04:00 INF killing any pre-existing fleet-desktop instances
Aug 20 13:38:07 hostname orbit[3767336]: 2025-08-20T09:38:07-04:00 INF attempting to get user session type and display id=1000 user=xxxx
Aug 20 13:38:07 hostname orbit[3767336]: 2025-08-20T09:38:07-04:00 INF running runuser display=wayland-0 id=1000 path=/opt/orbit/bin/desktop/linux/stable/fleet-desktop/fleet-desktop session_type=wayland user=xx>
Aug 20 13:38:07 hostname orbit[3767336]: 2025-08-20T09:38:07-04:00 INF running command cmd="/usr/sbin/runuser -l xxxx -c runcon \"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\" env WAYLAND_DISPLAY=wa>
Aug 20 13:38:07 hostname orbit[3777934]: runcon: 'env': Permission denied

selinux problem?

Lucas Rodriguez

08/20/2025, 2:10 PM

Ah, likely related to this change. Though I'm not sure what keys have to do with it... We'll need to dig.

ty 1

Lucas Rodriguez

08/20/2025, 2:13 PM

@Scott Gress cc

Lucas Rodriguez

08/20/2025, 2:21 PM

We've created #32112 to track this issue.

ty 1

Scott Gress

08/20/2025, 2:33 PM

@V Rozhniatovskyi thanks for the helpful logs. Were your hosts launching the desktop app successfully in previous releases?

V Rozhniatovskyi

08/20/2025, 2:41 PM

yes, we never had problems, and even with all these errors hosts are still reachable... i mean until service is manually stopped as people experiencing problems with other stuff and just switching fleet off 😅

Scott Gress

08/20/2025, 2:42 PM

Ok, just to be clear I specifically mean the desktop app icon in the system tray that you can click on to open the "My Device" page in a browser

V Rozhniatovskyi

08/20/2025, 2:45 PM

as far as i remember on linux it required some extra steps but yes it did work, with some issues when it come to actually using it, and we also had some hosts which just opt out of the desktop app on linux...

V Rozhniatovskyi

08/20/2025, 2:47 PM

i probably need to find some hosts which have package without

--fleet-desktop

and see if problem exist there

👍 1

Scott Gress

08/20/2025, 7:25 PM

Can you say anything about your selinux setup (i.e. is it fairly strict)? I can see how some policies might cause permissions issues when trying to run

env

in a different context, I'm just trying to gauge how pervasive this issue might be. We haven't had any other reports of this yet but that doesn't mean it's not happening elsewhere.

V Rozhniatovskyi

08/20/2025, 9:59 PM

Nothing special really, just default which comes with fedora

👍 1

V Rozhniatovskyi

09/30/2025, 9:38 AM

Just checking in, is there some estimate when this can be fixed, still seeing this behaviour with orbit v1.47.4 on Fedora 41

➕ 1

Scott Gress

09/30/2025, 10:30 AM

Thanks for the bump. This should be fixed in 1.48.0, which is currently pushed to the

edge

channel. If you'd like to get that right now, you can update your fleet server config's

agent_options.update_channels

to have

orbit: edge

(see docs here). Once the next release is pushed to stable we recommend switching your update channel back to

stable

ty 2

V Rozhniatovskyi

09/30/2025, 10:50 AM

Thanks, i think we'll stay in stable and wait 🙂

V Rozhniatovskyi

09/30/2025, 10:50 AM

might test in staging though 🙂

Lucas Rodriguez

09/30/2025, 11:45 AM

We should be pushing 1.48.1 to stable sometime this week.

🙌 2

Scott Gress

10/01/2025, 8:03 PM

Update: 1.48.1 released! https://github.com/fleetdm/fleet/blob/main/orbit/CHANGELOG.md#orbit-1481-sep-24-2025. Thanks @Lucas Rodriguez

👌 1

5 Views

Open in Slack

Previous Next