| Summary: | auditd gets flooded by selinux from qemu-kvm | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | lejeczek <peljasz> | ||||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 6.1 | CC: | dwalsh, mmalik | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-04-17 11:03:28 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Attachments: |
|
||||||||
Created attachment 547792 [details]
syscall
why not a bug? thanks in advance how to troubleshoot this problem? find a cause? reboot helped. If I understand correctly, it is ok now? |
Created attachment 547791 [details] avc Description of problem: we run Win7 and XPs as guest, roughly about 15 guests in total on a fairly fast R815 server I've haven't had a chance to reboot the system to see it helps, I know this strange problem occurred suddenly, yesterday at earliest, before all had been fine. how to troubleshoot it? help greatly appreciated. setting SELinux permissive helps the flood: Dec 16 12:24:36 whale kernel: __ratelimit: 3447823 callbacks suppressed Dec 16 12:24:36 whale kernel: audit: audit_backlog=8208 > audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_lost=-1990943771 audit_rate_limit=0 audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_backlog=8208 > audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_lost=-1990943771 audit_rate_limit=0 audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_backlog=8208 > audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_lost=-1990943771 audit_rate_limit=0 audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_lost=-1990943771 audit_rate_limit=0 audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_lost=-1990943771 audit_rate_limit=0 audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_backlog=8208 > audit_backlog_limit=8192 Dec 16 12:24:36 whale kernel: audit: audit_backlog=8208 > audit_backlog_limit=8192 Dec 16 12:24:36 whale auditd[24963]: Audit daemon rotating log files Dec 16 12:24:38 whale auditd[24963]: Audit daemon rotating log files Dec 16 12:24:39 whale auditd[24963]: Audit daemon rotating log files Dec 16 12:24:40 whale auditd[24963]: Audit daemon rotating log files Dec 16 12:24:41 whale kernel: __ratelimit: 3252244 callbacks suppressed Dec 16 12:24:41 whale kernel: audit: audit_lost=-1989859686 audit_rate_limit=0 audit_backlog_limit=8192 Dec 16 12:24:41 whale kernel: audit: backlog limit exceeded Version-Release number of selected component (if applicable): 2.6.32-131.17.1.el6.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: