+++ This bug was initially created as a clone of Bug #782147 +++ setroubleshoot uses the rpm python bindings and is a long running service, Each time an AVC arrives it checks on the version of selinux policy, the kernel, and potentially the version of the source program and the target program to identify which version of the package was being used. If we are hit with a storm of AVC's we are seeing the memory skyrocket. We diagnosed the problem to rpm python bindings leaking. For now we are removing the bindings and going to executing rpm -qf PATH. Not an ideal solution, but we need this fix in RHEL5 and RHEL6. As well as Fedora. --- Additional comment from dwalsh on 2012-01-16 11:32:37 EST --- Dave Malcolm, believes he has a fix for this problem. http://lists.rpm.org/pipermail/rpm-maint/2011-December/003138.html
The python bindings in RHEL-5 differ significantly from those of RHEL-6, and those particular leaks are not present in RHEL-5 AFAICT (hence NOTABUG). The bindings in RHEL-5 might well have some other leaks (the old librpm API has some unfixable leaks in itself), but those would need to be analyzed separately. Since you already have a workaround in place anyway, I dont think its worth the trouble for RHEL-5 at this point.