On Wed, Sep 3, 2008 at 4:09 AM, James Morris <jmorris(a)namei.org> wrote:
On Tue, 2 Sep 2008, Tom London wrote:
> I'm having some out-of-memory issues with latest kernels:
>
https://bugzilla.redhat.com/show_bug.cgi?id=460848
>
> I've noticed that when this happens, I get audit and AVC spew.
>
> Appears that I get 'sys_rawio', 'sys_admin', and
'sys_resource' AVCs
> for processes that are about to commit suicide.
>
> I have no idea what is causing these, and whether these are bugs (or
> features ;)).
>
> Any ideas/wisdom welcome!
This patch should fix it:
http://marc.info/?l=selinux&m=122039060813510&w=2
--
James Morris
<jmorris(a)namei.org>
Thanks. I am already running (half of) that patch that fixes
security_context_to_sid_core(), and it indeed seems to fix the random
oom's.
However, I was asking about the (corner?) case where the system
legitimately needed to call the oom-killer. Do the above AVCs
('sys_rawio', 'sys_admin', and 'sys_resource') indicate an issue?
They did not appear to interfere with the killing of the
processes......
tom
--
Tom London