[CentOS] selinux commands fail on low memory box

Tim Dunphy bluethundr at gmail.com
Thu Oct 15 04:30:22 UTC 2015


>
> How about adding some swap into system?


Not a bad idea, Eero! That worked.

[root at ops3:~] #cat /proc/swaps
Filename                                Type            Size    Used
 Priority
/swapfile                               file            1048572 712     -1

[root at ops3:~] #semodule -i newrelic.pp
[root at ops3:~] #

Thanks!
Tim

On Thu, Oct 15, 2015 at 12:19 AM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:

> How about adding some swap into system?
>
> --
> Eero
>
> 2015-10-15 4:40 GMT+03:00 Tim Dunphy <bluethundr at gmail.com>:
>
> > Hey all,
> >
> >  I have 3 web servers hosted at Digital Ocean that all have the same
> amount
> > of memory at 512MB.  They're all running CentOS 7.
> >
> > They are low powered apache servers and don't really need more than that.
> > All they're doing is serving the web, no database on those hosts at all.
> >
> > On the first two hosts I seem to have no trouble running SELinux related
> > commands. It's only on the 3rd web server where I seem to have any
> trouble
> > at all running the SELinux commands I want to keep the box secure.
> >
> > On box #3 all SElinux commands end up the same way. For example:
> >
> > [root at ops3:~] #semodule -i newrelic.pp
> > Killed
> >
> > And that happened when I had about 280MB free:
> >
> > [root at ops3:~] #free -m
> >               total        used        free      shared  buff/cache
> > available
> > Mem:            490          96         286          28         107
> > 285
> > Swap:             0           0           0
> >
> > Typically what I'll do is stop all the main services on this machine to
> > free up some memory to run the command I want. But to no avail! The
> > commands die with the same errors every time. Whereas on the other two
> > hosts I can run the same commands with only as little as 30 or 40MB free!
> >
> > So would this be some inherent flaw with this box? That the only way to
> get
> > around it is to scrap it and build a replacement?
> >
> > Not that hard to do. But before I took that measure I was wondering if
> > there was any hocus-pocus I could try that I might not be aware of that
> > could alleviate this scenario.
> >
> > Thanks,
> > Tim
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B



More information about the CentOS mailing list