sealert

m.roth at 5-cent.us m.roth at 5-cent.us
Fri Dec 14 14:25:04 UTC 2012


Daniel J Walsh wrote:
> On 12/13/2012 09:35 AM, m.roth at 5-cent.us wrote:
>> Current CentOS 6.3
>>
>> I get this. / is only 54%.
>>
>> SELinux is preventing /usr/bin/perl from using the sys_resource
>> capability.
>>
>> *****  Plugin sys_resource (91.4 confidence) suggests
>> ***********************
<snip>
> sys_resource is basically what the kernel will report when you have gone
> over a resource limit for a particular UID, and require the sys_resource
> capability to continue.  Could be file system, number of processes open
> file descriptors.
>
> We see these happening more and more for root processes and we have
> bugzillas open for expanding the max numbers of processes for root, I think
> under RHEL, but a quick google did not find it.

Suddenly, as in the last few weeks to a month, possibly as updates were
applied and new kernels run, I'm seeing a bunch of these.

On another system, I see in this morning's logs
 --------------------- Selinux Audit Begin ------------------------

 **Unmatched Entries**
  Audit daemon has no space left on logging partition
  Audit daemon is suspending logging due to no space left on logging partition.

 ---------------------- Selinux Audit End -------------------------
--------------------- Disk Space Begin ------------------------

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda3             914G  722G  146G  84% /
 /dev/sda1            1008M  103M  855M  11% /boot

 ---------------------- Disk Space End -------------------------

However, I also see that a user was running R, and oom-killer was invoked.
My suspicion is that it's *not* disk space that's run out, as the message
suggests, but rather that the system ran out of memory, and the sealert
gave the wrong information.

Your thoughts, Dan (or anyone)?

       mark


