* semanage commit forces CPU to 100%
@ 2014-07-01 22:42 Andy Ruch
0 siblings, 0 replies; 4+ messages in thread
From: Andy Ruch @ 2014-07-01 22:42 UTC (permalink / raw)
To: SELinux ML
Hello,
I'm experiencing a pretty serious issue when making changes with semanage. I'm running RHEL 6.5 with a custom SELinux policy. The semanage process will lockup and use 100% of the CPU. The only way to stop it is to hard reset the system. When I reset the system, the SELinux policy will sometimes become corrupt, forcing me to re-install the policy. This issue will occur roughly one third of the time I run semanage. I have seen this happen when performing several different actions, including doing an SELinux policy RPM update. For testing, however, I repeatedly run:
semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 myuser_u
I was able to trace it through the python code to where commit() is being called, but I haven't dug into the C code yet. Has anyone seen anything like this before? It could be a problem with my policy, but why doesn't it happen every time? Any thoughts on where to look in the C code?
Thanks,
Andy Ruch
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: semanage commit forces CPU to 100%
2014-07-02 13:43 ` James Carter
@ 2014-07-02 16:07 ` Andy Ruch
0 siblings, 0 replies; 4+ messages in thread
From: Andy Ruch @ 2014-07-02 16:07 UTC (permalink / raw)
To: James Carter, SELinux ML
> On Wednesday, July 2, 2014 7:42 AM, James Carter <jwcart2@tycho.nsa.gov> wrote:
> > On 07/02/2014 09:05 AM, Andy Ruch wrote:
>
>> Hello,
>>
>> I'm experiencing a pretty serious issue when making changes with
> semanage. I'm running RHEL 6.5 with a custom SELinux policy. The semanage
> process will lockup and use 100% of the CPU. The only way to stop it is to hard
> reset the system. When I reset the system, the SELinux policy will sometimes
> become corrupt, forcing me to re-install the policy. This issue will occur
> roughly one third of the time I run semanage. I have seen this happen when
> performing several different actions, including doing an SELinux policy RPM
> update. For testing, however, I repeatedly run:
>>
>> semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 myuser_u
>>
>>
>> I was able to trace it through the python code to where commit() is being
> called, but I haven't dug into the C code yet. Has anyone seen anything like
> this before? It could be a problem with my policy, but why doesn't it happen
> every time? Any thoughts on where to look in the C code?
>>
>>
>
> How long is the semanage process at 100% before you do a hard reset? Some
> operations do take a while.
>
> Can you reproduce the issue without your custom policy?
>
> --
> James Carter <jwcart2@tycho.nsa.gov>
> National Security Agency
>
When the command works, it will take a few seconds. When it fails, I've waited up to 10 minutes and it still never returns.
Unfortunately, my system is pretty customized so I can't run the targeted policy on there. When I do a straight RHEL install, I can't get it to fail (in the limited testing that I did). That's why I suspect it's my policy, but I'm not sure why it would only fail some of the time.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: semanage commit forces CPU to 100%
2014-07-02 13:05 Andy Ruch
@ 2014-07-02 13:43 ` James Carter
2014-07-02 16:07 ` Andy Ruch
0 siblings, 1 reply; 4+ messages in thread
From: James Carter @ 2014-07-02 13:43 UTC (permalink / raw)
To: Andy Ruch, SELinux ML
On 07/02/2014 09:05 AM, Andy Ruch wrote:
> Hello,
>
> I'm experiencing a pretty serious issue when making changes with semanage. I'm running RHEL 6.5 with a custom SELinux policy. The semanage process will lockup and use 100% of the CPU. The only way to stop it is to hard reset the system. When I reset the system, the SELinux policy will sometimes become corrupt, forcing me to re-install the policy. This issue will occur roughly one third of the time I run semanage. I have seen this happen when performing several different actions, including doing an SELinux policy RPM update. For testing, however, I repeatedly run:
>
> semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 myuser_u
>
>
> I was able to trace it through the python code to where commit() is being called, but I haven't dug into the C code yet. Has anyone seen anything like this before? It could be a problem with my policy, but why doesn't it happen every time? Any thoughts on where to look in the C code?
>
>
How long is the semanage process at 100% before you do a hard reset? Some
operations do take a while.
Can you reproduce the issue without your custom policy?
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
^ permalink raw reply [flat|nested] 4+ messages in thread
* semanage commit forces CPU to 100%
@ 2014-07-02 13:05 Andy Ruch
2014-07-02 13:43 ` James Carter
0 siblings, 1 reply; 4+ messages in thread
From: Andy Ruch @ 2014-07-02 13:05 UTC (permalink / raw)
To: SELinux ML
Hello,
I'm experiencing a pretty serious issue when making changes with semanage. I'm running RHEL 6.5 with a custom SELinux policy. The semanage process will lockup and use 100% of the CPU. The only way to stop it is to hard reset the system. When I reset the system, the SELinux policy will sometimes become corrupt, forcing me to re-install the policy. This issue will occur roughly one third of the time I run semanage. I have seen this happen when performing several different actions, including doing an SELinux policy RPM update. For testing, however, I repeatedly run:
semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 myuser_u
I was able to trace it through the python code to where commit() is being called, but I haven't dug into the C code yet. Has anyone seen anything like this before? It could be a problem with my policy, but why doesn't it happen every time? Any thoughts on where to look in the C code?
Thanks,
Andy Ruch
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-07-02 16:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-01 22:42 semanage commit forces CPU to 100% Andy Ruch
2014-07-02 13:05 Andy Ruch
2014-07-02 13:43 ` James Carter
2014-07-02 16:07 ` Andy Ruch
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.