[CentOS] selinux commands fail on low memory box

Thu Oct 15 01:40:51 UTC 2015
Tim Dunphy <bluethundr at gmail.com>

Hey all,

 I have 3 web servers hosted at Digital Ocean that all have the same amount
of memory at 512MB.  They're all running CentOS 7.

They are low powered apache servers and don't really need more than that.
All they're doing is serving the web, no database on those hosts at all.

On the first two hosts I seem to have no trouble running SELinux related
commands. It's only on the 3rd web server where I seem to have any trouble
at all running the SELinux commands I want to keep the box secure.

On box #3 all SElinux commands end up the same way. For example:

[root at ops3:~] #semodule -i newrelic.pp

And that happened when I had about 280MB free:

[root at ops3:~] #free -m
              total        used        free      shared  buff/cache
Mem:            490          96         286          28         107
Swap:             0           0           0

Typically what I'll do is stop all the main services on this machine to
free up some memory to run the command I want. But to no avail! The
commands die with the same errors every time. Whereas on the other two
hosts I can run the same commands with only as little as 30 or 40MB free!

So would this be some inherent flaw with this box? That the only way to get
around it is to scrap it and build a replacement?

Not that hard to do. But before I took that measure I was wondering if
there was any hocus-pocus I could try that I might not be aware of that
could alleviate this scenario.


GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B