[tomoyo-users-en 12] Bug in TOMOYO Linux 1.6.5

Tetsuo Handa from-****@I-lov*****
Tue Dec 9 21:03:03 JST 2008


Hello.

A severe memory consumption problem was discovered in TOMOYO Linux 1.6.5.

There are MAX_GRANT_LOG and MAX_REJECT_LOG parameters in /proc/ccs/profile .
These parameters limit the number of audit logs kept in kernel space.
However, due to a bug in auditing functions, these parameters are ignored.
As a result, the TOMOYO Linux 1.6.5 kernel tries to keep as many audit logs in
kernel space as possible. If /usr/sbin/ccs-auditd is not running on a system,
the out-of-memory killer (OOM killer) will be triggered and the system will hang.

If you are not running /usr/sbin/ccs-auditd , please start
/usr/sbin/ccs-auditd /dev/null /dev/null
to clear audit logs.

Since it is a severe problem, I must rebuild binary packages.
If you built your kernel from source using ccs-patch-1.6.5-20081111.tar.gz ,
please apply the patch below and recompile the kernel.

Sincerely.

diff -urp 1.6.5/fs/tomoyo_audit.c 1.6.5-hotfix/fs/tomoyo_audit.c
--- 1.6.5/fs/tomoyo_audit.c	2008-11-11 09:00:00.000000000 +0900
+++ 1.6.5-hotfix/fs/tomoyo_audit.c	2008-12-09 20:55:52.000000000 +0900
@@ -244,7 +244,7 @@ int ccs_write_audit_log(const bool is_gr
 	struct task_struct *task = current;
 	if (!r->domain)
 		r->domain = task->domain_info;
-	if (ccs_can_save_audit_log(r->domain, is_granted) < 0)
+	if (!ccs_can_save_audit_log(r->domain, is_granted))
 		goto out;
 	va_start(args, fmt);
 	len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
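
Review bot: The corrected test `if (!ccs_can_save_audit_log(r->domain, is_granted))` depends on the function returning zero when the limit is reached, but nothing visible here documents that contract, which is how the `< 0` comparison could compile and go unnoticed. I would suggest declaring the function as returning bool and adding a comment at its definition stating what a false result means, then checking any other caller for a leftover `< 0` test. It is also worth confirming what ccs_write_audit_log() returns on the `goto out` path now that the path can actually be taken, so that callers do not treat a dropped log entry as an error in the access decision.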
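
The effect of the mistaken return-value test described in the message, shown as an added user-space model (not TOMOYO source and not code from the author). The struct, the function names and the 0/1 return convention are assumptions made for illustration; the convention is inferred from the `!` test in the fix.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a kernel-side audit log queue. */
struct audit_queue {
    size_t count;  /* entries currently held */
    size_t limit;  /* models MAX_GRANT_LOG / MAX_REJECT_LOG */
};

/* Assumed contract: 1 if another entry may be queued, 0 if the limit is hit. */
static int can_save_audit_log(const struct audit_queue *q)
{
    return q->count < q->limit;
}

/* Pre-fix shape: the result is never negative, so the guard never fires. */
static int write_log_buggy(struct audit_queue *q)
{
    if (can_save_audit_log(q) < 0)
        return -1;
    q->count++;
    return 0;
}

/* Post-fix shape: a zero result drops the entry, so the limit holds. */
static int write_log_fixed(struct audit_queue *q)
{
    if (!can_save_audit_log(q))
        return -1;
    q->count++;
    return 0;
}

/* Queue `events` entries with no reader draining them (no ccs-auditd). */
size_t simulate(size_t limit, size_t events, int fixed)
{
    struct audit_queue q = { 0, limit };
    for (size_t i = 0; i < events; i++)
        fixed ? write_log_fixed(&q) : write_log_buggy(&q);
    return q.count;
}

int main(void)
{
    printf("buggy: %zu held, fixed: %zu held\n",
           simulate(16, 1000, 0), simulate(16, 1000, 1));
    return 0;
}
```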