Bug 782151 - RPM Python Bindings are leaking. This has caused a huge leak in setroubleshoot, when it hits an AVC storm.
RPM Python Bindings are leaking. This has caused a huge leak in setroubleshoo...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rpm (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: packaging-team-maint
BaseOS QE Security Team
Depends On: 782147
Blocks: 782150
  Show dependency treegraph
Reported: 2012-01-16 11:34 EST by Daniel Walsh
Modified: 2013-03-07 11:40 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 782147
Last Closed: 2013-03-07 11:40:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Daniel Walsh 2012-01-16 11:34:01 EST
+++ This bug was initially created as a clone of Bug #782147 +++

setroubleshoot uses the rpm python bindings and is a long running service, Each time an AVC arrives it checks on the version of selinux policy, the kernel, and potentially the version of the source program and the target program to identify which version of the package was being used.  If we are hit with a storm of AVC's we are seeing the memory skyrocket.  We diagnosed the problem to rpm python bindings leaking.  For now we are removing the bindings and going to executing rpm -qf PATH. Not an ideal solution, but we need this fix in RHEL5 and RHEL6. As well as Fedora.

--- Additional comment from dwalsh@redhat.com on 2012-01-16 11:32:37 EST ---

Dave Malcolm, believes he has a fix for this problem.

Comment 1 Panu Matilainen 2013-03-07 11:40:38 EST
The python bindings in RHEL-5 differ significantly from those of RHEL-6, and those particular leaks are not present in RHEL-5 AFAICT (hence NOTABUG).

The bindings in RHEL-5 might well have some other leaks (the old librpm API has some unfixable leaks in itself), but those would need to be analyzed separately. Since you already have a workaround in place anyway, I dont think its worth the trouble for RHEL-5 at this point.

Note You need to log in before you can comment on or make changes to this bug.