Description of problem:
The openscap scanner runs out of memory when scanning systems with big number of packages (for example 'Server with GUI' group). This is always reproducible on systems with minimal HW requirements for RHEL-8  and with 'Server with GUI' group of packages installed. The issue is dependent on a content which is processed by the scanner. Mainly rules which utilize rpm, textfilecontent54 or file probes are causing this issue as some of these rules are processing all rpms/files on a filesystem (for example rules "rpm_verify_*", "file_permissions_*", "dir_perms_*", "no_files_unowned_by_user", etc.).
Note: This is probably due to memory management in openscap scanner. All the collected results are stored in memory until scan finishes.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup a VM with 1 CPU core and 1.5 GB RAM .
2. Install package group 'Server with GUI'.
3. Tailor a profile which uses many rules like rpm_verify_*", "file_permissions_*", "dir_perms_*", "no_files_unowned_by_user", etc. and use it to scan the system. Alternatively use e8 profile from scap-security-guide as it selects many such rules.
4. Scanner is killed during the scan as it consumes all free memory on the system (OOM kill).
Scanner is killed because system runs out of memory.
Scanner finishes the scan successfully without allocating all the system memory resources.
*** Bug 1848585 has been marked as a duplicate of this bug. ***
Links to upstream commits:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (openscap bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.