First Last Prev Next    This bug is not in your last search results.
Bug 613823 - package update of policy consumes all ram.
package update of policy consumes all ram.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-12 17:34 EDT by Dave Jones
Modified: 2015-01-04 17:31 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-13 09:08:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Dave Jones 2010-07-12 17:34:26 EDT 
every time I yum update my firewall, it ends up oom'ing when it gets to updating selinux-policy-targeted.   That machine runs from flash, so there's no swap space. Is there anything that can be done to reduce selinux's memory usage, or am I going to have to add a disk/more ram to that machine ?

It has 512MB right now, which is on the lower end of what Fedora supports, but this is the only thing that ever seems to use all the memory. Routing packets isn't particularly memory intensive, so it seems a waste to have to upgrade the hardware.
Comment 1 Daniel Walsh 2010-07-13 09:08:20 EDT 
You can customize the bzip block size and "small" flag via /etc/selinux/semanage.conf. After applying you can add entries like these to your /etc/selinux/semanage.conf to trade off memory vs disk space (block size) and to trade off memory vs runtime (small):

bzip-blocksize=4
bzip-small=1

You can also disable bzip compression altogether for your module store
via:
bzip-blocksize=0
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.