[CentOS] Centos 7 lockup

Thu Aug 21 21:07:14 UTC 2014
Daniel J Walsh <dwalsh at redhat.com>

On 08/21/2014 02:09 PM, Les Mikesell wrote:
> On Thu, Aug 21, 2014 at 12:23 PM,  <m.roth at 5-cent.us> wrote:
>> Les Mikesell wrote:
>>> A machine I set up to run OpenNMS stopped working last night - no
>>> hardware alarm lights, but keyboard/monitor/network unresponsive.
>>> After a reboot I see a large stack of messages like this in
>>> /var/log/messages:
>>>
>>> ----
>>> Aug 20 14:02:34 opennms-h-03 python: SELinux is preventing
>>> /usr/sbin/monitor-get-edid-using-vbe from mmap_zero access on the
>>> memprotect .
>>> ------
>>> and then this final message
>>>
>>> Aug 20 14:02:42 opennms-h-03 dbus-daemon: 'list' object has no attribute
>>> 'split'
>>>
>>>
>>> Do either of those look fatal?   And where else should I look for the
>>> underlying problem?
>>>
>> Looks like all selinux to me, esp. the wording. Is it in enforcing mode? I
>> wonder if it's possible that there's a bug in an selinux policy that
>> results in "IT'S NOT SAFE!!! SHUT IT DOWN!!!".
> /var/log/audit/audit.log says:
> type=AVC msg=audit(1408478520.792:7016): avc:  denied  { mmap_zero }
> for  pid=17977 comm="monitor-get-edi"
> scontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023
> tclass=memprotect
>
> which isn't particularly readable but I would guess means that it
> blocked the ocsinventory-agent from getting the monitor type.  Not
> sure why that is supposed to be helpful, but it also doesn't sound
> fatal.  And somewhat irrelevant on a normally headless server.
>
> Does that dbus error look serious?
> Aug 20 14:02:42 opennms-h-03 dbus-daemon: 'list' object has no attribute 'split'
>
>  --
>    Les Mikesell
>      lesmikesell at gmail.com
mmap_zero is a fairly dangerous access. It means the object is
attempting to memory map low memory in the kernel.  Bugs in the kernel
have been known to allow priv escalation, which can be prevented by
this check.

http://eparis.livejournal.com/

Talks about the access check.

I usually tell people to avoid these apps, but if you need to run it,
you can turn the protection off as the alert told you.

setsebool -P mmap_low_allowed 1
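
One way to list the mmap_zero denials in the audit log and see which process and SELinux domain triggered them before deciding whether to set mmap_low_allowed, as an added example that is not part of the original message. The sample input is constructed from the AVC record quoted in the thread plus one made-up unrelated denial; the function names are illustrative.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the AVC record quoted in the thread, re-joined onto one
# line as audit.log stores it, plus one made-up unrelated denial.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1408478520.792:7016): avc:  denied  { mmap_zero } for  pid=17977 comm="monitor-get-edi" scontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 tclass=memprotect
type=AVC msg=audit(1408478521.100:7017): avc:  denied  { read } for  pid=18001 comm="example" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# Header of an AVC denial: timestamp, event serial, permission set, then key=value fields.
AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    rec["time"] = datetime.fromtimestamp(int(m.group("epoch")), tz=timezone.utc)
    # An SELinux context is user:role:type:level; the type is the process domain.
    parts = rec.get("scontext", "").split(":")
    rec["domain"] = parts[2] if len(parts) > 2 else ""
    return rec


def mmap_zero_denials(log_text):
    """Collect denials of the mmap_zero permission on the memprotect class."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("tclass") == "memprotect" and "mmap_zero" in rec["perms"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in mmap_zero_denials(SAMPLE_AUDIT_LOG):
        print(f'{r["time"]:%Y-%m-%d %H:%M:%S} UTC serial={r["serial"]} '
              f'pid={r["pid"]} comm={r["comm"]} domain={r["domain"]}')
```
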