On Wed, Sep 3, 2008 at 4:09 AM, James Morris <jmorris@xxxxxxxxx> wrote: > On Tue, 2 Sep 2008, Tom London wrote: > >> I'm having some out-of-memory issues with latest kernels: >> https://bugzilla.redhat.com/show_bug.cgi?id=460848 >> >> I've noticed that when this happens, I get audit and AVC spew. >> >> Appears that I get 'sys_rawio', 'sys_admin', and 'sys_resource' AVCs >> for processes that are about to commit suicide. >> >> I have no idea what is causing these, and whether these are bugs (or >> features ;)). >> >> Any ideas/wisdom welcome! > > This patch should fix it: > http://marc.info/?l=selinux&m=122039060813510&w=2 > > -- > James Morris > <jmorris@xxxxxxxxx> > Thanks. I am already running (half of) that patch that fixes security_context_to_sid_core(), and it indeed seems to fix the random oom's. However, I was asking about the (corner?) case where the system legitimately needed to call the oom-killer. Do the above AVCs ('sys_rawio', 'sys_admin', and 'sys_resource') indicate an issue? They did not appear to interfere with the killing of the processes...... tom -- Tom London -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
