MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
November
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
2024
Months
Jan Feb Mar
Apr May Jun
Jul Aug Sep
Oct NovDec


Sun, Apr 24, 2016 10:44 pm

SELinux entries in /var/log/messages

I had been noticing setroubleshootd frequently using a high percentage of the CPU's time on a CentOS Linux system when I run top. E.g.:

top - 21:26:35 up 227 days,  6:13, 27 users,  load average: 0.83, 0.90, 1.50
Tasks: 329 total,   3 running, 326 sleeping,   0 stopped,   0 zombie
%Cpu(s): 83.3 us, 16.5 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.2 si,  0.0 st
KiB Mem :  1875896 total,   177868 free,   495072 used,  1202956 buff/cache
KiB Swap:  2113532 total,   958752 free,  1154780 used.   951776 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
22725 apache    20   0   42332  10400   2172 R  95.0  0.6   0:03.93 blosxom
22727 root      20   0  263660  41572  10032 R  95.0  2.2   0:03.96 setroubles+
22720 root      20   0  146260   2164   1360 R   2.5  0.1   0:00.62 top
   13 root      20   0       0      0      0 S   0.9  0.0 641:26.32 rcu_sched
   15 root      20   0       0      0      0 S   0.6  0.0 216:15.71 rcuos/1
24450 root      20   0  396436   7712   5180 S   0.6  0.4   9:58.86 httpd
  418 root      20   0       0      0      0 S   0.3  0.0 107:26.61 xfsaild/dm+
  639 root      20   0       0      0      0 S   0.3  0.0 104:29.30 xfsaild/dm+
  657 root      16  -4  116708    496    316 S   0.3  0.0  45:09.63 auditd
  674 root      12  -8   80220    440    256 S   0.3  0.0  31:45.76 audispd
 1278 jim       20   0  142884   1100    820 S   0.3  0.1   0:28.74 sshd
    1 root      20   0  196044   9296   2808 S   0.0  0.5 147:49.67 systemd
    2 root      20   0       0      0      0 S   0.0  0.0   1:18.37 kthreadd
    3 root      20   0       0      0      0 S   0.0  0.0   3:11.27 ksoftirqd/0
    5 root       0 -20       0      0      0 S   0.0  0.0   0:00.00 kworker/0:+
    7 root      rt   0       0      0      0 S   0.0  0.0   7:26.68 migration/0
    8 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcu_bh

The process shows up as setroubles+, i.e., setroubles with a plus sign at the end, because the full process name, setroubleshootd, can't be displayed in the 80 columns I have alloted for the terminal window.

I've also noticed hundreds of thousands of entries it has created in /var/log/messages related to SELinux issues. I had switched SELinux from "enforcing" mode to "permissive" mode on the system, due to web server application issues, so SELinux wasn't stopping applications from running, but issues are being logged. I finally decided that I at least needed to reduce the number of log entries being creatd substantially, which will, hopefully, improve the responsiveness of the server. I had fixed the SELinux issue for one application, CometChat recently, but I decided I needed to fix at least some of the issues for other sites on the system, also, related to the SELinux context for files under the public_html directory beneath user's home directories.

[ More Info ]

[/os/unix/linux/selinux] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo