sealert

Daniel J Walsh dwalsh at redhat.com
Sat Dec 15 11:49:47 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/14/2012 09:25 AM, m.roth at 5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 12/13/2012 09:35 AM, m.roth at 5-cent.us wrote:
>>> Current CentOS 6.3
>>> 
>>> I get this. / is only 54%.
>>> 
>>> SELinux is preventing /usr/bin/perl from using the sys_resource 
>>> capability.
>>> 
>>> *****  Plugin sys_resource (91.4 confidence) suggests 
>>> ***********************
> <snip>
>> sys_resource is basically what the kernel will report when you are gone 
>> over a resource limit for a particular UID, and require the sys_resource 
>> capability to continue.  Could be file system, number of processes open
> file
>> descriptors.
>> 
>> We see these happening more in a more for root processes and we have 
>> bugzillas open for expanding the max numbers of processes for root, I
>> think under RHEL, but a quick google did not find it.
> 
> Suddenly, as in the last few weeks to a month, possibly as updates were 
> applied and new kernels run, I'm seeing a bunch of these.
> 
> On another system, I see in this morning's logs ---------------------
> Selinux Audit Begin ------------------------
> 
> **Unmatched Entries** Audit daemon has no space left on logging partition 
> Audit daemon is suspending logging due to no space left on logging 
> partition.
> 
> ---------------------- Selinux Audit End ------------------------- 
> --------------------- Disk Space Begin ------------------------
> 
> Filesystem            Size  Used Avail Use% Mounted on /dev/sda3
> 914G  722G  146G  84% / /dev/sda1            1008M  103M  855M  11% /boot
> 
> ---------------------- Disk Space End -------------------------
> 
> However, I also see that a user was running R, and oom-killer was invoked. 
> My suspicion is that it's *not* disk space that's run out, as the message 
> suggests, but rather that the system ran out of memory, and the sealert 
> gave the wrong information.
> 
> Your thoughts, Dan (or anyone)?
> 
> mark
> 
> -- selinux mailing list selinux at lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 

Yes I agree.  the sys_resource plugin should explain other reasons then file
system resources that you could get this message.  I would figure you got
sys_resource because you were running out of memory.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlDMY9sACgkQrlYvE4MpobPvowCg4c5QOlCO12XCfWcWQ2UNkaXp
VIUAnRH7ZK/093DoN8HM/7tsM9LNB37H
=Lc3e
-----END PGP SIGNATURE-----

More information about the selinux mailing list