From: James Carter <jwcart2@tycho.nsa.gov>
To: Andy Ruch <adruch2002@yahoo.com>, SELinux ML <selinux@tycho.nsa.gov>
Subject: Re: semanage commit forces CPU to 100%
Date: Wed, 02 Jul 2014 09:43:57 -0400
Message-ID: <53B40C9D.90607@tycho.nsa.gov>
In-Reply-To: <1404306318.6656.YahooMailNeo@web120703.mail.ne1.yahoo.com>

On 07/02/2014 09:05 AM, Andy Ruch wrote:
> Hello,
>
> I'm experiencing a pretty serious issue when making changes with semanage. I'm running RHEL 6.5 with a custom SELinux policy. The semanage process will lock up and use 100% of the CPU. The only way to stop it is to hard reset the system. When I reset the system, the SELinux policy will sometimes become corrupt, forcing me to re-install the policy. This issue will occur roughly one third of the time I run semanage. I have seen this happen when performing several different actions, including doing an SELinux policy RPM update. For testing, however, I repeatedly run:
>
> semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 myuser_u
>
>
> I was able to trace it through the python code to where commit() is being called, but I haven't dug into the C code yet. Has anyone seen anything like this before? It could be a problem with my policy, but why doesn't it happen every time? Any thoughts on where to look in the C code?
>
>
How long is the semanage process at 100% before you do a hard reset? Some
operations do take a while.
Can you reproduce the issue without your custom policy?
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency