sealert
Daniel J Walsh
dwalsh at redhat.com
Sat Dec 15 11:49:47 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/14/2012 09:25 AM, m.roth at 5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 12/13/2012 09:35 AM, m.roth at 5-cent.us wrote:
>>> Current CentOS 6.3
>>>
>>> I get this. / is only 54%.
>>>
>>> SELinux is preventing /usr/bin/perl from using the sys_resource
>>> capability.
>>>
>>> ***** Plugin sys_resource (91.4 confidence) suggests
>>> ***********************
> <snip>
>> sys_resource is basically what the kernel will report when you are gone
>> over a resource limit for a particular UID, and require the sys_resource
>> capability to continue. Could be file system, number of processes open
> file
>> descriptors.
>>
>> We see these happening more in a more for root processes and we have
>> bugzillas open for expanding the max numbers of processes for root, I
>> think under RHEL, but a quick google did not find it.
>
> Suddenly, as in the last few weeks to a month, possibly as updates were
> applied and new kernels run, I'm seeing a bunch of these.
>
> On another system, I see in this morning's logs ---------------------
> Selinux Audit Begin ------------------------
>
> **Unmatched Entries** Audit daemon has no space left on logging partition
> Audit daemon is suspending logging due to no space left on logging
> partition.
>
> ---------------------- Selinux Audit End -------------------------
> --------------------- Disk Space Begin ------------------------
>
> Filesystem Size Used Avail Use% Mounted on /dev/sda3
> 914G 722G 146G 84% / /dev/sda1 1008M 103M 855M 11% /boot
>
> ---------------------- Disk Space End -------------------------
>
> However, I also see that a user was running R, and oom-killer was invoked.
> My suspicion is that it's *not* disk space that's run out, as the message
> suggests, but rather that the system ran out of memory, and the sealert
> gave the wrong information.
>
> Your thoughts, Dan (or anyone)?
>
> mark
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
Yes I agree. the sys_resource plugin should explain other reasons then file
system resources that you could get this message. I would figure you got
sys_resource because you were running out of memory.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlDMY9sACgkQrlYvE4MpobPvowCg4c5QOlCO12XCfWcWQ2UNkaXp
VIUAnRH7ZK/093DoN8HM/7tsM9LNB37H
=Lc3e
-----END PGP SIGNATURE-----
More information about the selinux
mailing list