[tomoyo-users-en 115] Bug in TOMOYO Linux 1.7.1

Tetsuo Handa from-****@I-lov*****
Sun Dec 20 00:20:28 JST 2009


Hello.

A severe memory leak problem was discovered in TOMOYO Linux 1.7.1.

When I fixed a bug that a permission like

  allow_env PATH if exec.envp["PATH"]="/"

was not working due to buffer contention, I allocated two buffers but forgot to
release one buffer. As a result, if you are using the environment variable name
restriction functionality, the out-of-memory killer (OOM killer) will be triggered
and the system will hang.

If you cannot reboot your system, please do

  echo '0-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p
  echo '1-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p
  echo '2-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p
  echo '3-CONFIG::misc::env={ mode=disabled }' | ccs-loadpolicy -p

so that the environment variable name restriction functionality is disabled.
(The above lines change only profiles 0 to 3. Please apply this to all profiles
you are using.)

If you can reboot your system, please add

  0-CONFIG::misc::env={ mode=disabled }
  1-CONFIG::misc::env={ mode=disabled }
  2-CONFIG::misc::env={ mode=disabled }
  3-CONFIG::misc::env={ mode=disabled }

to /etc/ccs/profile.conf and reboot.

If you built your kernel from source using ccs-patch-1.7.1-20091111.tar.gz,
please apply the patch available at
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.7.x/ccs-patch/patches/hotfix.patch?revision=3274&root=tomoyo
(or download the tarball, which supports 2.6.33-rc1 and includes two enhancements:
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.7.x/ccs-patch.tar.gz?root=tomoyo&revision=3274&view=tar )
and recompile the kernel.

I'll start rebuilding binary packages.

Sincerely.
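
The "apply to all profiles you are using" step above, as an added shell example that is not part of the original message: it reads a profile file, finds every profile number in use, and builds the matching disable lines. The function names and the sample profile content are constructed for illustration, and the script assumes profile lines start with `<number>-` as in the lines quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original message): build the
# "N-CONFIG::misc::env={ mode=disabled }" lines for every profile in a file.

# Print each distinct profile number that appears in profile file $1.
# Assumes profile lines start with "<number>-", as in the quoted lines.
list_profiles() {
    sed -n 's/^\([0-9][0-9]*\)-.*/\1/p' "$1" | sort -n -u
}

# Print one disable line per profile found in $1.
env_disable_lines() {
    list_profiles "$1" | while read -r n; do
        printf '%s-CONFIG::misc::env={ mode=disabled }\n' "$n"
    done
}

# Print $1 with any existing misc::env setting dropped and the disable
# lines appended, i.e. the file content to install before a reboot.
patched_profile() {
    grep -v '^[0-9][0-9]*-CONFIG::misc::env=' "$1" || true
    env_disable_lines "$1"
}

# Constructed sample: profiles 0, 3 and 10; only profile 3 sets misc::env.
write_sample() {
    cat > "$1" <<'EOF'
0-COMMENT=constructed sample
3-COMMENT=constructed sample
3-CONFIG::misc::env={ mode=enforcing }
10-COMMENT=constructed sample
EOF
}

sample=$(mktemp)
write_sample "$sample"
env_disable_lines "$sample"     # lines to pipe into: ccs-loadpolicy -p
patched_profile "$sample"       # content for the profile file
rm -f "$sample"
```

Review the output of `patched_profile` before copying it over /etc/ccs/profile.conf.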



