Skip to content

Fix handling of exceptions when osquery goes away #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zwass merged 2 commits into from
Apr 15, 2022
Merged

Fix handling of exceptions when osquery goes away #83

zwass merged 2 commits into from
Apr 15, 2022

Conversation

@zwass
Copy link
Member

@zwass zwass commented Apr 12, 2022

This resolves an issue where the extension does not shut down if osquery
goes away unexpectedly (without sending a shutdown signal via Thrift).

The scenario could be reliably reproduced by running osqueryi,
connecting an extension, and then sending a SIGKILL to osqueryi. The
exception thrown in the start_watcher function would be of type
thrift.transport.TTransport.TTransportException, and would cause the
watcher thread to exit without exiting the rest of the program.

This is a possible fix for issues that users have experienced with
extensions reconnecting after the Watchdog kills osquery.

@zwass
Fix handling of exceptions when osquery goes away
baa13ae 
This resolves an issue where the extension does not shut down if osquery
goes away unexpectedly (without sending a shutdown signal via Thrift).

The scenario could be reliably reproduced by running `osqueryi`,
connecting an extension, and then sending a `SIGKILL` to `osqueryi`. The
exception thrown in the `start_watcher` function would be of type
`thrift.transport.TTransport.TTransportException`, and would cause the
watcher thread to exit without exiting the rest of the program.

This is a possible fix for issues that users have experienced with
extensions reconnecting after the Watchdog kills osquery.
@zwass zwass mentioned this pull request Apr 12, 2022
Closed
2 tasks
sharvilshah
sharvilshah requested changes Apr 12, 2022
View reviewed changes
Copy link
Member

@sharvilshah sharvilshah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we will need to update the version in https://github.com/osquery/osquery-python/blob/master/osquery/__init__.py#L7 too?

@zwass
Copy link
Member Author

zwass commented Apr 15, 2022

I'd prefer to keep those version updates in a separate PR (#84). @sharvilshah does that work for you?

@sharvilshah
Copy link
Member

sharvilshah commented Apr 15, 2022

That works!

@zwass zwass merged commit 4cbe297 into osquery:master Apr 15, 2022
@zwass zwass deleted the fix-unexpected-shutdown branch April 15, 2022 15:55
@sharvilshah sharvilshah mentioned this pull request Aug 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sharvilshah sharvilshah sharvilshah approved these changes

@directionless directionless Awaiting requested review from directionless

@theopolis theopolis Awaiting requested review from theopolis

Assignees

No one assigned

Labels

bug ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zwass @sharvilshah