Bug 440075
Summary: | auditd memory leak (11GB in 5 minutes) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Joe Nall <joe> | ||||||
Component: | audit | Assignee: | Steve Grubb <sgrubb> | ||||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | rawhide | CC: | dcole, john.wiseman, lenny | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2008-04-08 19:37:59 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Joe Nall
2008-04-01 16:39:50 UTC
Sorry about the wimpy bug report. The machine was becoming very sluggish and I was worried about losing the browser session when the machine died. Can you give me any details about the auditd.conf file? I am curious if it was in the shipped default config or changed in any way. Thanks. Created attachment 299935 [details]
/etc/audit/audit.rules
Created attachment 299936 [details]
/etc/audit/auditd.conf
The auditd configuration looks fairly simple. I was worried that you have email notification turned on or something else somewhat different like exec command kind of action. Were there anything related to auditd in syslog that was unusual? Which glibc was installed at the time? Have there been any recurrences? OK, I found the memory leak. It was in the End of Event code. This would only be triggered on the 2.6.25 kernel since previous kernels do not send EOE records. audit-1.7-3.fc9 was built to address this problem, please give it a try. I am closing this bug report as I'm pretty sure the leak I found is the one that is causing the problems. If you find a recurrance of this, please note the audit, kernel, and glibc versions. Thanks for reporting the problem. 1.7.3 fixed the memory leak for me. |