Your message dated Tue, 27 Oct 2009 17:32:16 -0500
with message-id <[email protected]>
and subject line Re: Bug#552559: restorecond uses 99+% CPU with 2.6.31.x kernel
has caused the Debian Bug report #552559,
regarding restorecond uses 99+% CPU with 2.6.31.x kernel
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
552559: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552559
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: policycoreutils
Version: 2.0.49-8
Severity: important
Hi,
when used with a 2.6.31.x kernel restorecond eats up 99+% CPU at boot. I
assume it is a similar issue as the inotify/utmp problem fixed in
version 2.0.74-1 according to the changelog. However, here it is
triggered with /var/run/utmp removed from /etc/selinux/restorecond.conf.
I can clear it by:
- invoke-rc.d policycoreutils restart
- saving restorecond.conf with an editor while restorecond runs, not
necessarily changing restorecond.conf
I can't clear it by:
- touch /etc/selinux/restorecond.conf
I think the bug was triggered once when installing a batch of packages
that should not have touched any file listed in restorecond.conf, but
I'm not 100% sure I had restarted restorecond before.
I'm filing this bug as important because it seriously affects the
usability for users of 2.6.31.x kernels while not being noticeable to
users of regular kernels as shipped with lenny.
As there will probably be no 2.6.31+ kernel in lenny I guess that
backporting a bugfix or upgrading policycoreutils is unlikely. Before
downgrading or closing this bug I'd suggest to:
- not start restorecond on lenny with 2.6.31+ kernels (if this is
feasible) or
- print a message mentioning the incompatibility with 2.6.31+ kernels
during installation or boot so people building their own 2.6.31+
kernels are aware of the problem.
Regards
Jens
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.31.5
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=UTF-8) (ignored: LC_ALL set to
de_DE.utf8)
Shell: /bin/sh linked to /bin/bash
Versions of packages policycoreutils depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l
ii libselinux1 2.0.65-5 SELinux shared libraries
ii libsemanage1 2.0.25-3 shared libraries used by SELinux p
ii libsepol1 2.0.30-2 Security Enhanced Linux policy lib
ii python 2.5.2-3 An interactive high-level object-o
ii python-selinux 2.0.65-5 Python bindings to SELinux shared
ii python-semanage 2.0.25-3 Python bindings for SELinux polic
ii python-sepolgen 1.0.11-5 A Python module used in SELinux po
Versions of packages policycoreutils recommends:
pn selinux-policy-default <none> (no description available)
policycoreutils suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Wed, 14 Oct 2009 02:08:04 -0500
Source: policycoreutils
Binary: policycoreutils
Architecture: source amd64
Version: 2.0.74-1
Distribution: unstable
Urgency: low
Maintainer: Russell Coker <[email protected]>
Changed-By: Manoj Srivastava <[email protected]>
Description:
policycoreutils - SELinux core policy utilities
Closes: 515710
Changes:
policycoreutils (2.0.74-1) unstable; urgency=low
.
* New upstream point release
+ Change semodule upgrade behavior to install even if the module
+ is not present from Dan Walsh.
+ Make setfiles label if selinux is disabled and a seclabel aware
+ kernel is running from Caleb Case.
+ Clarify forkpty() error message in run_init from Manoj Srivastava.
+ Add semanage dontaudit to turn off dontaudits from Dan Walsh.
+ Fix semanage to set correct mode for setrans file from Dan Walsh.
+ Fix malformed dictionary in portRecord from Dan Walsh.
* Added patch from Martin Orr to fix a loop in the inotify watch code
when installing a watch on utmp.
* [863fb62]: topic--debian: Improve error messages on forkpty failure
The current error message when forkpty() fails is not clear or
useful. The following patch makes indicate what went wrong.
Bug fix: "The error message on forkpty() failure is not clear or
useful.", thanks to Russell Coker (Closes: #515710).
Checksums-Sha1:
92ef0352425631af90568d3a6641f98f9cb7675a 1363 policycoreutils_2.0.74-1.dsc
8b5264cfad3f6f70258a5f2bf469f00d9e787829 833853
policycoreutils_2.0.74.orig.tar.gz
3a5d4764bdae625abd6987fec09c1c4c6848b5aa 182534
policycoreutils_2.0.74-1.diff.gz
b0e893935ea68859f3ff62df378133e32da051f8 441376
policycoreutils_2.0.74-1_amd64.deb
Checksums-Sha256:
99b0ddd3696b19753419637095ab0af3d737ecbb53ba62188c7666a5b8565949 1363
policycoreutils_2.0.74-1.dsc
021c0dbe5c5f55bc08b9e7d4f4a9ac8e05ea2191a0bf54687aa8d2c0b19e3f6f 833853
policycoreutils_2.0.74.orig.tar.gz
3c2dcdc62f6c3e391dcf18c8c3444ba8a699d5d65aac5ef8428e8f6ab4c70f2e 182534
policycoreutils_2.0.74-1.diff.gz
3fc10eb007045001fc26a7ab735c55f38fc5d51b9dfad8b67ceb5ce547f813b4 441376
policycoreutils_2.0.74-1_amd64.deb
Files:
dc234ea976c8cfe42fa0b51d72727772 1363 utils standard
policycoreutils_2.0.74-1.dsc
2f0750c65d0c96a2a3054a9f272f5555 833853 utils standard
policycoreutils_2.0.74.orig.tar.gz
9be13d8e99f37325f3e4a27901b74d78 182534 utils standard
policycoreutils_2.0.74-1.diff.gz
7236d7b1cfac47275afd5b9de2bbf0ce 441376 utils standard
policycoreutils_2.0.74-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14-svn0 (GNU/Linux)
iEYEAREDAAYFAkrVe50ACgkQIbrau78kQkyQPACg1KmoTpPneQPXaqw2w85/I3Of
XoUAoIDWtf/Pb9FP2ZfngI2aGpDiBEVO
=LB15
-----END PGP SIGNATURE-----
--
"Send lawyers, guns and money..." Lyrics from a Warren Zevon song
Manoj Srivastava <[email protected]> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--- End Message ---
