AVCs generated by oom actions....
by Tom London
I'm having some out-of-memory issues with latest kernels:
https://bugzilla.redhat.com/show_bug.cgi?id=460848
I've noticed that when this happens, I get audit and AVC spew.
Appears that I get 'sys_rawio', 'sys_admin', and 'sys_resource' AVCs
for processes that are about to commit suicide.
I have no idea what is causing these, and whether these are bugs (or
features ;)).
Any ideas/wisdom welcome!
tom
[root@tlondon ~]# audit2allow -i oom-audit.txt
#============= NetworkManager_t ==============
allow NetworkManager_t self:capability { sys_rawio sys_admin sys_resource };
#============= audisp_t ==============
allow audisp_t self:capability { sys_rawio sys_admin sys_resource };
#============= auditd_t ==============
allow auditd_t self:capability { sys_rawio sys_admin };
#============= bluetooth_t ==============
allow bluetooth_t self:capability { sys_rawio sys_admin sys_resource };
#============= consolekit_t ==============
allow consolekit_t self:capability { sys_rawio sys_admin sys_resource };
#============= dhcpc_t ==============
allow dhcpc_t self:capability { sys_rawio sys_admin };
#============= getty_t ==============
allow getty_t self:capability sys_rawio;
#============= kerneloops_t ==============
allow kerneloops_t self:capability { sys_rawio sys_admin sys_resource };
#============= restorecond_t ==============
allow restorecond_t self:capability { sys_rawio sys_admin sys_resource };
#============= rpcd_t ==============
allow rpcd_t self:capability { sys_rawio sys_admin sys_resource };
#============= sendmail_t ==============
allow sendmail_t self:capability { sys_rawio sys_admin sys_resource };
#============= setroubleshootd_t ==============
allow setroubleshootd_t self:capability { sys_rawio sys_admin sys_resource };
#============= sshd_t ==============
allow sshd_t self:capability { sys_rawio sys_admin };
#============= syslogd_t ==============
allow syslogd_t self:capability sys_rawio;
#============= unconfined_mono_t ==============
allow unconfined_mono_t self:process execstack;
#============= xdm_t ==============
allow xdm_t self:capability sys_admin;
[root@tlondon ~]#
--
Tom London
15 years, 7 months
Linux/Unix system admin looking for job
by foreverterran
Hello,
ABOUT ME:
EXPERIENCE SUMMARY:
Operating Systems:
. FreeBSD
. RHEL
. Suse, SLES 9/10
. CentOS
. Fedora
. Ubuntu
. Debian
. Microsoft Windows 98/xp/2000/2003/NT
Software and Networking:
. Apache HTTP/HTTPS servers (versions 1.3.x/2.x )
. Mail (Sendmail, Postfix, Amavisd-new, ClamAV, Spamassassin, Courier IMAP)
. MySQL, PostgreSQL, Sybase (backup, maintenance, tuning, replication)
. Monitoring (MRTG, Zabbix, Munin)
. Samba, NFS
. NTP, ntpdate
. Firewall (iptables, ipfw, ipfilter, shorewall)
. LDAP (OpenLDAP)
. Backup (Rsnapshot, Amanda)
. Virtualisation (Qemu, Vmware, Xen)
. High Availability (Hearbeat, load balancing)
. TCP/IP, UDP, ICMP, DHCP, SNMP, NAT, VPN
. Perl, bash scripting
Working experience:
. Administrated and configured more then 50 linux/unix servers.
. Managing of the mail service using Sendmail and Postfix (virtual domains,
MySQL, Antispam, Antivirus, SMTP authentication SASL). More then 5000
mailusers.
. Managing, using Postfix and LDAP (Antispam, Antivirus, OpenLDAP, SMTP
authentication SASL). More the 10 000 mailusers.
. Tuning, maintained huge MySQL databases.
. Apache (1.3.x / 2.x) tuning. Strong security experience
. Implemented Rsnapshot, Amanda backup system.
. Central monitoring system (Zabbix).
. Software/hardware testing.
. High Availability servers setup using Hearbeat.
. Load balancing.
WORK HISTORY:
February 2002 - July 2003
System administration of UNIX Internet servers. Setup and support mail
server with Sendmail and Postfix MTA (virtual domains, MySQL, Antispam,
Antivirus, SMTP+Auth) more then 5000 mailusers, Apache, DNS(Bind), FTP,
Samba. LAN/WAN security, VPN. Firewall tuning (shorewall, iptables).
Juny 2003 - February 2005
Setup and support mail servers with Postfix MTA and LDAP (Spamassassin,
ClamAV, OpenLDAP, SMTP auth). More the 10 000 mailusers.
Huge MySQL database tuning, support. High raffic Apache web servers tuning.
Network Security Auditing. Monitoring system (Munin).
February 2005 - June 2006
Network management (packet analize, logs). Maintenance of security policies
throughout the network. Design and implementation of a daily backup plan
(rsnapshot). Sybase and PostgreSQL deployment/maintainence. Shell scripting
(SED,AWK).
June 2006 - August 2008
Responsible for network wide securit. Installed and maintained several load
balancers. Wifi station and AP security. IBM Blade center virtualisation
(Qemu, Vmware, Xen). Several DNS, LDAP, SMTP, SMTP-backup, POP3, Apache,
High Availability (Hearbeat) servers setup, maintenance. Central monitoring
system (Zabbix).
CERTIFICATE:
1. Novell Certified Linux Professional 10
2. Linux technical specialist
EDUCATION:
1.Informatics Bachelor's degree.
Telecommute!
mail: foreverterran(a)gmail.com
15 years, 7 months