Hi,
I've been running a minimally configured CentOS VM (with 256MB of memory). This morning I upgraded to 6.3 and prior to rebooting I created /.autorelabel which caused the following errors:
This looks similar to:
https://bugzilla.redhat.com/show_bug.cgi?id=633807
...albeit for Fedora 16. I'm not sure if I should open a bugzilla as I'm running a VM in a non-supported configuration (512MB is the minimum suggested). I remember I even couldn't perform the installation with 256MB (Anaconda didn't allowed it so I had to increase it to 512MB). After installation I lowered the memory back to 256MB.
Are the F16 changes to handle this ever coming to RHEL6 or will it be for RHEL7?
Thanks, Jorge
On 10/07/12 15:16, Jorge Fábregas wrote:
Hi,
I've been running a minimally configured CentOS VM (with 256MB of memory). This morning I upgraded to 6.3 and prior to rebooting I created /.autorelabel which caused the following errors:
This looks similar to:
https://bugzilla.redhat.com/show_bug.cgi?id=633807
...albeit for Fedora 16. I'm not sure if I should open a bugzilla as I'm running a VM in a non-supported configuration (512MB is the minimum suggested). I remember I even couldn't perform the installation with 256MB (Anaconda didn't allowed it so I had to increase it to 512MB). After installation I lowered the memory back to 256MB.
Are the F16 changes to handle this ever coming to RHEL6 or will it be for RHEL7?
Thanks, Jorge -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Jorge, Semodule can eat 100MB of memory easily, while it compiles modules. Have you got a swap space ? If yes, increase the memory limit in 128MB increments.
Regards,
Tristan
On 07/10/2012 10:26 AM, Tristan Santore wrote:
Semodule can eat 100MB of memory easily, while it compiles modules. Have you got a swap space ? If yes, increase the memory limit in 128MB increments.
Hi Tristan,
Yes, I have 1GB of swap space (size was chosen by Anaconda) as I left the default filesystem layout. It is strange indeed that, even with lots of swap, I still got that error.
Regards, Jorge
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/10/2012 10:39 AM, Jorge Fábregas wrote:
On 07/10/2012 10:26 AM, Tristan Santore wrote:
Semodule can eat 100MB of memory easily, while it compiles modules. Have you got a swap space ? If yes, increase the memory limit in 128MB increments.
Hi Tristan,
Yes, I have 1GB of swap space (size was chosen by Anaconda) as I left the default filesystem layout. It is strange indeed that, even with lots of swap, I still got that error.
Regards, Jorge -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
relabeling would not be executing semodule or rebuilding policy.
It is just running restorecon -R / or the equivalent. This should not be using up huge amounts of memory.
On 07/10/2012 04:15 PM, Daniel J Walsh wrote:
relabeling would not be executing semodule or rebuilding policy.
I see but, then, why is there a reference to "semodule" in the errors I got?
It is just running restorecon -R / or the equivalent. This should not be using up huge amounts of memory.
If I perform a manual "restorecon -R /" I don't get any errors.
-- Jorge
On 07/10/2012 10:16 AM, Jorge Fábregas wrote:
I've been running a minimally configured CentOS VM (with 256MB of memory). This morning I upgraded to 6.3 and prior to rebooting I created /.autorelabel which caused the following errors:
Update: I just performed a new installation of RHEL 6.3 (not CentOS) and could totally recreate the problem (with 256 MB of RAM).
-- Jorge
On 07/10/2012 08:56 PM, Jorge Fábregas wrote:
Update: I just performed a new installation of RHEL 6.3 (not CentOS) and could totally recreate the problem (with 256 MB of RAM).
Bug filed:
https://bugzilla.redhat.com/show_bug.cgi?id=839255
Regards, Jorge
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/11/2012 07:49 AM, Jorge Fábregas wrote:
On 07/10/2012 08:56 PM, Jorge Fábregas wrote:
Update: I just performed a new installation of RHEL 6.3 (not CentOS) and could totally recreate the problem (with 256 MB of RAM).
Bug filed:
https://bugzilla.redhat.com/show_bug.cgi?id=839255
Regards, Jorge -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Most likely we will just close this, since we do not support this small of memory system.
On 07/11/2012 09:43 AM, Daniel J Walsh wrote:
Most likely we will just close this, since we do not support this small of memory system.
I thought about that but considering that Red Hat is heaviliy promoting the "cloud" (along with virtualization) I thought it was worth to report it.
I bet there are thousands of VMs running out there with or less than 256MB of memory.
-- Jorge
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/11/2012 10:58 AM, Jorge Fábregas wrote:
On 07/11/2012 09:43 AM, Daniel J Walsh wrote:
Most likely we will just close this, since we do not support this small of memory system.
I thought about that but considering that Red Hat is heaviliy promoting the "cloud" (along with virtualization) I thought it was worth to report it.
I bet there are thousands of VMs running out there with or less than 256MB of memory.
-- Jorge -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
I guess we could check to see if there is enough memory to run genhomedircon, else just exit immediately.
Since all genhomedircon is a script that runs semodule -Bn got any good ideas how to check the amount of memory on the machine?
Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/11/2012 10:58 AM, Jorge Fábregas wrote:
On 07/11/2012 09:43 AM, Daniel J Walsh wrote:
Most likely we will just close this, since we do not support this small of memory system.
<snip>
I guess we could check to see if there is enough memory to run genhomedircon, else just exit immediately.
Since all genhomedircon is a script that runs semodule -Bn got any good ideas how to check the amount of memory on the machine?
free | awk '{ if ( NR == 2 ) { if ( $4 > somenum ) { exit 0; } else { exit 1; }}}'
mark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/11/2012 11:36 AM, m.roth@5-cent.us wrote:
free | awk '{ if ( NR == 2 ) { if ( $4 > somenum ) { exit 0; } else { exit 1; }}}'
How about something like:
#!/bin/sh free | awk '{ if ( NR == 2 ) { if ( $4 < 25000 ) { exit 22; }}}' /usr/sbin/semodule -Bn
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/10/2012 08:56 PM, Jorge Fábregas wrote:
On 07/10/2012 10:16 AM, Jorge Fábregas wrote:
I've been running a minimally configured CentOS VM (with 256MB of memory). This morning I upgraded to 6.3 and prior to rebooting I created /.autorelabel which caused the following errors:
Update: I just performed a new installation of RHEL 6.3 (not CentOS) and could totally recreate the problem (with 256 MB of RAM).
-- Jorge -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Strange I do not know what semodule would be doing here. BTW Picture states Centos, not RHEL.
You could just remove the /.autorelabel, all the machine to boot in permissive mode and then run the restorecon. I believe the script is just running fixfiles -F restore, and on Fedora I do not see any semodule/semanage commands. I am booting up a RHEL6 box to see if there is anything there.
On 07/11/2012 09:42 AM, Daniel J Walsh wrote:
BTW Picture states Centos, not RHEL.
I quoted my original post where I stated it was from CentOS. The attached screenshot in bugzilla is indeed from RHEL.
You could just remove the /.autorelabel, all the machine to boot in permissive mode and then run the restorecon. I believe the script is just running fixfiles -F restore, and on Fedora I do not see any semodule/semanage commands.
Yes, there are a couple of workarounds. I just wanted to point this out as it seemed very strange (and I've never seen it before).
I am booting up a RHEL6 box to see if there is anything there.
Thanks.
-- Jorge
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/11/2012 10:40 AM, Jorge Fábregas wrote:
On 07/11/2012 09:42 AM, Daniel J Walsh wrote:
BTW Picture states Centos, not RHEL.
I quoted my original post where I stated it was from CentOS. The attached screenshot in bugzilla is indeed from RHEL.
You could just remove the /.autorelabel, all the machine to boot in permissive mode and then run the restorecon. I believe the script is just running fixfiles -F restore, and on Fedora I do not see any semodule/semanage commands.
Yes, there are a couple of workarounds. I just wanted to point this out as it seemed very strange (and I've never seen it before).
I am booting up a RHEL6 box to see if there is anything there.
Thanks.
-- Jorge -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Ok the problem is we are calling genhomedircon to make sure the homedirs get labeled correctly. If you remove this file you should not see the problem.
selinux@lists.fedoraproject.org