On Wed, 2008-09-03 at 06:40 -0700, Tom London wrote:
> On Wed, Sep 3, 2008 at 4:09 AM, James Morris <jmorris@xxxxxxxxx> wrote:
> > On Tue, 2 Sep 2008, Tom London wrote:
> >
> >> I'm having some out-of-memory issues with latest kernels:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=460848
> >>
> >> I've noticed that when this happens, I get audit and AVC spew.
> >>
> >> Appears that I get 'sys_rawio', 'sys_admin', and 'sys_resource' AVCs
> >> for processes that are about to commit suicide.
> >>
> >> I have no idea what is causing these, and whether these are bugs (or
> >> features ;)).
> >>
> >> Any ideas/wisdom welcome!
> >
> > This patch should fix it:
> > http://marc.info/?l=selinux&m=122039060813510&w=2
> >
> > --
> > James Morris
> > <jmorris@xxxxxxxxx>
> >
> Thanks. I am already running (half of) that patch that fixes
> security_context_to_sid_core(), and it indeed seems to fix the random
> oom's.
>
> However, I was asking about the (corner?) case where the system
> legitimately needed to call the oom-killer. Do the above AVCs
> ('sys_rawio', 'sys_admin', and 'sys_resource') indicate an issue?
> They did not appear to interfere with the killing of the
> processes......

The oom killer tests for those capabilities on potential target
processes as part of selecting which process to kill (processes that
have those capabilities are less likely to be killed by the oom killer).
We should likely use a special hook for those tests that uses the
_noaudit interfaces to avoid noise in the audit logs, similar to what
was done for vm_enough_memory.

--
Stephen Smalley
National Security Agency
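
A log-triage sketch for the audit noise discussed in this thread, added here as an example and not code from the thread or from any SELinux tool: it separates capability denials for 'sys_rawio', 'sys_admin' and 'sys_resource' that cluster around an oom-killer run from denials that still need review. The function name, the five-second window, the OOM timestamp and all sample log lines are constructed assumptions.

```python
import re

# Capabilities the thread says the oom killer tests on candidate processes.
OOM_PROBE_CAPS = {"sys_rawio", "sys_admin", "sys_resource"}

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}.*?\bscontext=(?P<scontext>\S+).*?\btclass=(?P<tclass>\S+)"
)

def classify(audit_lines, oom_times, window=5.0):
    """Split AVC denials into probable oom-killer probe noise and the rest.

    Noise = a capability-class denial naming only the probe capabilities,
    logged within `window` seconds of a known oom-killer invocation.
    Everything else, including the same denial at any other time, is
    returned for review.
    """
    noise, review = [], []
    for line in audit_lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        ts, perms = float(m["ts"]), set(m["perms"].split())
        is_probe = (m["tclass"] == "capability" and bool(perms)
                    and perms <= OOM_PROBE_CAPS)
        near_oom = any(abs(ts - t) <= window for t in oom_times)
        record = (ts, m["scontext"], sorted(perms))
        (noise if is_probe and near_oom else review).append(record)
    return noise, review

# Constructed sample data (not from the thread): one oom-killer run at epoch
# 1220449200, three probe denials just after it, and two unrelated denials.
CTX = "scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0"
SAMPLE_OOM_TIMES = [1220449200.0]
SAMPLE = [
    f'type=AVC msg=audit(1220449201.101:310): avc:  denied  {{ sys_rawio }} for  pid=2890 comm="httpd" capability=17 {CTX} tclass=capability',
    f'type=AVC msg=audit(1220449201.105:311): avc:  denied  {{ sys_admin }} for  pid=2890 comm="httpd" capability=21 {CTX} tclass=capability',
    f'type=AVC msg=audit(1220449201.110:312): avc:  denied  {{ sys_resource }} for  pid=2890 comm="httpd" capability=24 {CTX} tclass=capability',
    'type=AVC msg=audit(1220449202.000:313): avc:  denied  { read } for  pid=2890 comm="httpd" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file',
    f'type=AVC msg=audit(1220452800.500:400): avc:  denied  {{ sys_admin }} for  pid=3001 comm="httpd" capability=21 {CTX} tclass=capability',
]

if __name__ == "__main__":
    noise, review = classify(SAMPLE, SAMPLE_OOM_TIMES)
    print(f"{len(noise)} probable oom-killer probe denials, {len(review)} to review")
```

The last sample line shows why the time correlation matters: a 'sys_admin' denial with no oom-killer run nearby is kept for review rather than dismissed as noise.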