SELinux process killed when trying to set a boolean


I have run into a strange problem. I cannot allow Apache to connect to the database on my CentOS 6.4 machine:

[root@centos6 ~]# setsebool -P httpd_can_network_connect on
Killed
[root@centos6 ~]# sestatus -b | grep httpd_can_network_connect
httpd_can_network_connect                   off
httpd_can_network_connect_cobbler           off
httpd_can_network_connect_db                off

I checked the log file, but there are no log messages:

tail -f /var/log/audit/audit.log

Update:

There is some information in /var/log/messages:

Nov  9 19:07:16 centos6 kernel: setsebool invoked oom-killer: gfp_mask=0x280da, order=0, oom_adj=0, oom_score_adj=0
Nov  9 19:07:16 centos6 kernel: setsebool cpuset=/ mems_allowed=0
Nov  9 19:07:16 centos6 kernel: Pid: 1660, comm: setsebool Not tainted 2.6.32-358.23.2.el6.x86_64 #1
Nov  9 19:07:16 centos6 kernel: Call Trace:
Nov  9 19:07:16 centos6 kernel: [<ffffffff810cb641>] ? cpuset_print_task_mems_allowed+0x91/0xb0
Nov  9 19:07:16 centos6 kernel: [<ffffffff8111ce40>] ? dump_header+0x90/0x1b0
Nov  9 19:07:16 centos6 kernel: [<ffffffff8111d2c2>] ? oom_kill_process+0x82/0x2a0
Nov  9 19:07:16 centos6 kernel: [<ffffffff8111d201>] ? select_bad_process+0xe1/0x120
Nov  9 19:07:16 centos6 kernel: [<ffffffff8111d700>] ? out_of_memory+0x220/0x3c0
Nov  9 19:07:16 centos6 kernel: [<ffffffff8112c3dc>] ? __alloc_pages_nodemask+0x8ac/0x8d0
Nov  9 19:07:16 centos6 kernel: [<ffffffff81160d6a>] ? alloc_pages_vma+0x9a/0x150
Nov  9 19:07:16 centos6 kernel: [<ffffffff81143f0b>] ? handle_pte_fault+0x76b/0xb50
Nov  9 19:07:16 centos6 kernel: [<ffffffff81228664>] ? task_has_capability+0xb4/0x110
Nov  9 19:07:16 centos6 kernel: [<ffffffff81004a49>] ? __raw_callee_save_xen_pmd_val+0x11/0x1e
Nov  9 19:07:16 centos6 kernel: [<ffffffff8114452a>] ? handle_mm_fault+0x23a/0x310
Nov  9 19:07:16 centos6 kernel: [<ffffffff811485b6>] ? vma_adjust+0x556/0x5e0
Nov  9 19:07:16 centos6 kernel: [<ffffffff810474e9>] ? __do_page_fault+0x139/0x480
Nov  9 19:07:16 centos6 kernel: [<ffffffff81148b8a>] ? vma_merge+0x29a/0x3e0
Nov  9 19:07:16 centos6 kernel: [<ffffffff81149fdc>] ? do_brk+0x26c/0x350
Nov  9 19:07:16 centos6 kernel: [<ffffffff8100ba1d>] ? retint_restore_args+0x5/0x6
Nov  9 19:07:16 centos6 kernel: [<ffffffff81513bfe>] ? do_page_fault+0x3e/0xa0
Nov  9 19:07:16 centos6 kernel: [<ffffffff81510fb5>] ? page_fault+0x25/0x30
Nov  9 19:07:16 centos6 kernel: Mem-Info:
Nov  9 19:07:16 centos6 kernel: Node 0 DMA per-cpu:
Nov  9 19:07:16 centos6 kernel: CPU    0: hi:    0, btch:   1 usd:   0
Nov  9 19:07:16 centos6 kernel: Node 0 DMA32 per-cpu:
Nov  9 19:07:16 centos6 kernel: CPU    0: hi:  186, btch:  31 usd:  30
Nov  9 19:07:16 centos6 kernel: active_anon:132249 inactive_anon:46 isolated_anon:0
Nov  9 19:07:16 centos6 kernel: active_file:56 inactive_file:59 isolated_file:0
Nov  9 19:07:16 centos6 kernel: unevictable:0 dirty:2 writeback:0 unstable:0
Nov  9 19:07:16 centos6 kernel: free:1369 slab_reclaimable:1774 slab_unreclaimable:11588
Nov  9 19:07:16 centos6 kernel: mapped:54 shmem:48 pagetables:1211 bounce:0
Nov  9 19:07:16 centos6 kernel: Node 0 DMA free:2440kB min:72kB low:88kB high:108kB active_anon:12156kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:14648kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:24kB slab_unreclaimable:8kB kernel_stack:0kB pagetables:16kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
Nov  9 19:07:16 centos6 kernel: lowmem_reserve[]: 0 590 590 590
Nov  9 19:07:16 centos6 kernel: Node 0 DMA32 free:3036kB min:3072kB low:3840kB high:4608kB active_anon:516840kB inactive_anon:184kB active_file:224kB inactive_file:236kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:604988kB mlocked:0kB dirty:8kB writeback:0kB mapped:216kB shmem:192kB slab_reclaimable:7072kB slab_unreclaimable:46344kB kernel_stack:880kB pagetables:4828kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:128 all_unreclaimable? no
Nov  9 19:07:16 centos6 kernel: lowmem_reserve[]: 0 0 0 0
Nov  9 19:07:16 centos6 kernel: Node 0 DMA: 0*4kB 1*8kB 0*16kB 0*32kB 0*64kB 1*128kB 1*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 2440kB
Nov  9 19:07:16 centos6 kernel: Node 0 DMA32: 129*4kB 67*8kB 30*16kB 19*32kB 6*64kB 2*128kB 1*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3036kB
Nov  9 19:07:16 centos6 kernel: 182 total pagecache pages
Nov  9 19:07:16 centos6 kernel: 0 pages in swap cache
Nov  9 19:07:16 centos6 kernel: Swap cache stats: add 0, delete 0, find 0/0
Nov  9 19:07:16 centos6 kernel: Free swap  = 0kB
Nov  9 19:07:16 centos6 kernel: Total swap = 0kB
Nov  9 19:07:16 centos6 kernel: 157439 pages RAM
Nov  9 19:07:16 centos6 kernel: 6271 pages reserved
Nov  9 19:07:16 centos6 kernel: 2686 pages shared
Nov  9 19:07:16 centos6 kernel: 146395 pages non-shared
Nov  9 19:07:16 centos6 kernel: [ pid ]   uid  tgid total_vm      rss cpu oom_adj oom_score_adj name
Nov  9 19:07:16 centos6 kernel: [  271]     0   271     2798      231   0     -17         -1000 udevd
Nov  9 19:07:16 centos6 kernel: [  476]     0   476     2797      230   0     -17         -1000 udevd
Nov  9 19:07:16 centos6 kernel: [  718]     0   718     2279      122   0       0             0 dhclient
Nov  9 19:07:16 centos6 kernel: [  762]     0   762     6909       58   0     -17         -1000 auditd
Nov  9 19:07:16 centos6 kernel: [  787]     0   787    62270      147   0       0             0 rsyslogd
Nov  9 19:07:16 centos6 kernel: [  801]    25   801    40326     2655   0       0             0 named
Nov  9 19:07:16 centos6 kernel: [  850]     0   850    16563      172   0     -17         -1000 sshd
Nov  9 19:07:16 centos6 kernel: [  875]     0   875    23451      240   0       0             0 sshd
Nov  9 19:07:16 centos6 kernel: [  966]   498   966     4780       44   0       0             0 wrapper
Nov  9 19:07:16 centos6 kernel: [  968]   498   968   497404    40812   0       0             0 java
Nov  9 19:07:16 centos6 kernel: [ 1057]     0  1057    20216      225   0       0             0 master
Nov  9 19:07:16 centos6 kernel: [ 1064]    89  1064    20278      209   0       0             0 qmgr
Nov  9 19:07:16 centos6 kernel: [ 1071]     0  1071    27075      121   0       0             0 bash
Nov  9 19:07:16 centos6 kernel: [ 1111]     0  1111    24880      350   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1117]    48  1117    24913      351   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1118]    48  1118    24880      337   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1119]    48  1119    24880      337   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1120]    48  1120    24880      337   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1121]    48  1121    24880      337   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1122]    48  1122    24880      337   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1124]    48  1124    24880      337   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1125]    48  1125    24880      337   0       0             0 httpd
Nov  9 19:07:16 centos6 kernel: [ 1129]     0  1129    29313      151   0       0             0 crond
Nov  9 19:07:16 centos6 kernel: [ 1143]     0  1143     1018       22   0       0             0 agetty
Nov  9 19:07:16 centos6 kernel: [ 1146]     0  1146     1015       22   0       0             0 mingetty
Nov  9 19:07:16 centos6 kernel: [ 1514]     0  1514    23451      237   0       0             0 sshd
Nov  9 19:07:16 centos6 kernel: [ 1517]     0  1517    27075      113   0       0             0 bash
Nov  9 19:07:16 centos6 kernel: [ 1641]    89  1641    20236      218   0       0             0 pickup
Nov  9 19:07:16 centos6 kernel: [ 1659]     0  1659    25234       39   0       0             0 tail
Nov  9 19:07:16 centos6 kernel: [ 1660]     0  1660    89903    85712   0       0             0 setsebool
Nov  9 19:07:16 centos6 kernel: Out of memory: Kill process 1660 (setsebool) score 568 or sacrifice child
Nov  9 19:07:16 centos6 kernel: Killed process 1660, UID 0, (setsebool) total-vm:359612kB, anon-rss:342708kB, file-rss:140kB

Answer 1

Solved the problem by adding more RAM.
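
An added example, not part of the original question or answer: a Python script that scans syslog text for OOM-killer reports and flags kills of SELinux policy tools, since a killed setsebool -P leaves the boolean off and, as the asker found, nothing appears in audit.log. The sample lines are a subset of the excerpt in the question; the POLICY_TOOLS list, the function name and the 4 kB page size are assumptions.

```python
import re

# Subset of the /var/log/messages excerpt quoted in the question.
SAMPLE = """\
Nov  9 19:07:16 centos6 kernel: setsebool invoked oom-killer: gfp_mask=0x280da, order=0, oom_adj=0, oom_score_adj=0
Nov  9 19:07:16 centos6 kernel: Free swap  = 0kB
Nov  9 19:07:16 centos6 kernel: Total swap = 0kB
Nov  9 19:07:16 centos6 kernel: [  968]   498   968   497404    40812   0       0             0 java
Nov  9 19:07:16 centos6 kernel: [ 1660]     0  1660    89903    85712   0       0             0 setsebool
Nov  9 19:07:16 centos6 kernel: Out of memory: Kill process 1660 (setsebool) score 568 or sacrifice child
Nov  9 19:07:16 centos6 kernel: Killed process 1660, UID 0, (setsebool) total-vm:359612kB, anon-rss:342708kB, file-rss:140kB
"""

# Assumption: policy-management tools whose death means a policy change was lost.
POLICY_TOOLS = {"setsebool", "semodule", "semanage", "load_policy"}

KILLED = re.compile(r"kernel: Killed process (\d+), UID (\d+), \((\S+)\) "
                    r"total-vm:(\d+)kB, anon-rss:(\d+)kB")
# Task dump columns: [pid] uid tgid total_vm rss cpu oom_adj oom_score_adj name
TASK = re.compile(r"kernel: \[\s*(\d+)\]\s+\d+\s+\d+\s+\d+\s+(\d+)\s+\d+\s+-?\d+\s+-?\d+\s+(\S+)$")
SWAP = re.compile(r"kernel: Total swap = (\d+)kB")

def oom_events(text, page_kb=4):
    """Return one dict per OOM kill, with context from the report before it.

    page_kb=4 is an assumption (x86_64); the task dump reports rss in pages.
    """
    events, tasks, swap_kb = [], [], None
    for line in text.splitlines():
        if "invoked oom-killer" in line:
            tasks, swap_kb = [], None          # a new OOM report starts here
        elif (m := SWAP.search(line)):
            swap_kb = int(m.group(1))
        elif (m := TASK.search(line)):
            tasks.append((m.group(3), int(m.group(1)), int(m.group(2)) * page_kb))
        elif (m := KILLED.search(line)):
            pid, uid, comm, _vm, rss = m.groups()
            events.append({
                "pid": int(pid), "uid": int(uid), "comm": comm,
                "anon_rss_kb": int(rss), "total_swap_kb": swap_kb,
                # largest resident processes at the time of the kill
                "top_rss": sorted(tasks, key=lambda t: -t[2])[:2],
                "policy_change_lost": comm in POLICY_TOOLS,
            })
    return events
```

When policy_change_lost is true, re-check the boolean (as the asker did with sestatus -b) after freeing or adding memory, rather than assuming the change was applied.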
