Bug 1824152 - openscap scanner runs out of memory when scanning systems with big number of files
Summary: openscap scanner runs out of memory when scanning systems with big number of ...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openscap
Version: 8.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Jan Černý
QA Contact: Matus Marhefka
Jan Fiala
: 1848585 (view as bug list)
Depends On:
Blocks: 1816199 1829782
TreeView+ depends on / blocked
Reported: 2020-04-15 12:54 UTC by Matus Marhefka
Modified: 2021-05-18 15:29 UTC (History)
7 users (show)

Fixed In Version: openscap-1.3.4-1.el8
Doc Type: Bug Fix
Doc Text:
.OpenSCAP can now scan systems with large numbers of files without running out of memory Previously, when scanning systems with low RAM and large numbers of files, the OpenSCAP scanner sometimes caused the system to run out of memory. With this update, OpenSCAP scanner memory management has been improved. As a result, the scanner no longer runs out of memory on systems with low RAM when scanning large numbers of files, for example package groups `Server with GUI` and `Workstation`.
Clone Of:
: 1829782 (view as bug list)
Last Closed: 2021-05-18 15:29:12 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

Description Matus Marhefka 2020-04-15 12:54:48 UTC
Description of problem:
The openscap scanner runs out of memory when scanning systems with big number of packages (for example 'Server with GUI' group). This is always reproducible on systems with minimal HW requirements for RHEL-8 [1] and with 'Server with GUI' group of packages installed. The issue is dependent on a content which is processed by the scanner. Mainly rules which utilize rpm, textfilecontent54 or file probes are causing this issue as some of these rules are processing all rpms/files on a filesystem (for example rules "rpm_verify_*", "file_permissions_*", "dir_perms_*", "no_files_unowned_by_user", etc.).

Note: This is probably due to memory management in openscap scanner. All the collected results are stored in memory until scan finishes.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Setup a VM with 1 CPU core and 1.5 GB RAM [1].
2. Install package group 'Server with GUI'.
3. Tailor a profile which uses many rules like rpm_verify_*", "file_permissions_*", "dir_perms_*", "no_files_unowned_by_user", etc. and use it to scan the system. Alternatively use e8 profile from scap-security-guide as it selects many such rules.
4. Scanner is killed during the scan as it consumes all free memory on the system (OOM kill).

Actual results:
Scanner is killed because system runs out of memory.

Expected results:
Scanner finishes the scan successfully without allocating all the system memory resources.

Additional info:
[1] https://access.redhat.com/articles/rhel-limits#minimum-required-memory-3

Comment 10 Jan Černý 2020-09-09 08:41:43 UTC
*** Bug 1848585 has been marked as a duplicate of this bug. ***

Comment 29 errata-xmlrpc 2021-05-18 15:29:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openscap bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.