Hello.

A severe memory consumption problem was discovered in TOMOYO Linux 1.6.5.

There are MAX_GRANT_LOG and MAX_REJECT_LOG parameters in /proc/ccs/profile.
These parameters limit the number of audit logs kept in kernel space.
However, due to a bug in the auditing functions, these parameters are ignored.
As a result, the TOMOYO Linux 1.6.5 kernel tries to keep as many audit logs in
kernel space as possible. If /usr/sbin/ccs-auditd is not running on a system,
the out-of-memory killer (OOM killer) will be triggered and the system will hang.

If you are not running /usr/sbin/ccs-auditd, please start
/usr/sbin/ccs-auditd /dev/null /dev/null
to clear audit logs.

Since it is a severe problem, I must rebuild binary packages.
If you built your kernel from source using ccs-patch-1.6.5-20081111.tar.gz,
please apply the patch below and recompile the kernel.

Sincerely.

diff -urp 1.6.5/fs/tomoyo_audit.c 1.6.5-hotfix/fs/tomoyo_audit.c
--- 1.6.5/fs/tomoyo_audit.c     2008-11-11 09:00:00.000000000 +0900
+++ 1.6.5-hotfix/fs/tomoyo_audit.c      2008-12-09 20:55:52.000000000 +0900
@@ -244,7 +244,7 @@ int ccs_write_audit_log(const bool is_gr
        struct task_struct *task = current;
        if (!r->domain)
                r->domain = task->domain_info;
-       if (ccs_can_save_audit_log(r->domain, is_granted) < 0)
+       if (!ccs_can_save_audit_log(r->domain, is_granted))
                goto out;
        va_start(args, fmt);
        len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
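Review bot: The return contract of ccs_can_save_audit_log() is not stated anywhere near the changed test in ccs_write_audit_log(), and the old "< 0" comparison shows how easily a caller can assume an errno-style return instead of a yes/no answer. Suggest adding a comment on the helper saying that it returns nonzero when the log may be saved and zero when the limit is reached, declaring it bool to match the "const bool is_granted" style already used here, and checking any other callers for the same "< 0" comparison.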

_______________________________________________
tomoyo-users-en mailing list
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
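
A small user-space model of the bug described in this message, added here as an illustration and not taken from the TOMOYO source. All names are hypothetical, and it assumes the limit helper returns 1 while there is room and 0 once the limit is reached, as the fixed check implies.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not TOMOYO source: every name below is hypothetical. */
#define MODEL_MAX_LOG 4   /* stands in for MAX_GRANT_LOG / MAX_REJECT_LOG */

struct model_queue { unsigned int queued; };

/* Assumed contract: 1 while there is room under the limit, 0 once full. */
static int model_can_save(const struct model_queue *q)
{
    return q->queued < MODEL_MAX_LOG;
}

/* Pre-fix style check: 0 and 1 are never negative, so the limit never applies. */
static void model_write_buggy(struct model_queue *q)
{
    if (model_can_save(q) < 0)
        return;
    q->queued++;
}

/* Post-fix style check: the entry is dropped once the limit is reached. */
static void model_write_fixed(struct model_queue *q)
{
    if (!model_can_save(q))
        return;
    q->queued++;
}

/* Generate `events` log entries with no reader draining the queue,
 * which models a system where the audit daemon is not running. */
static unsigned int model_run(bool fixed, unsigned int events)
{
    struct model_queue q = { 0 };
    for (unsigned int i = 0; i < events; i++) {
        if (fixed)
            model_write_fixed(&q);
        else
            model_write_buggy(&q);
    }
    return q.queued;
}

int main(void)
{
    printf("buggy check: %u entries queued\n", model_run(false, 1000));
    printf("fixed check: %u entries queued\n", model_run(true, 1000));
    return 0;
}
```

With the pre-fix check the queue grows with every event; with the post-fix check it stops at the configured limit.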
