semodule returns "cannot allocate memory" --

Edward Kuns ekuns at kilroy.chi.il.us
Sun Aug 2 20:39:50 UTC 2009 

A module previously loaded disappeared when I had to totally reload
policy from scratch on a Fedora 8 -> 11 upgrade.  By "totally reload" I
mean:

# cd /etc/selinux/targeted
# mv modules modules.old
# yum erase selinux-policy selinux-policy-targeted
# yum install selinux-policy selinux-policy-targeted

The above fixed my corrupted policy that nothing else appeared to be
able to fix, but I forgot to reload some custom modules that I have
locally, only one of which seems to be needed today (for mailman).
Today I tried to reload this custom module and I got:

So I tried to reload it:

[root at kilroy policy]# semodule -i mymailman.pp
SELinux:  Could not load policy
file /etc/selinux/targeted/policy/policy.24:  Cannot allocate memory
/usr/sbin/load_policy:  Can't load policy:  Cannot allocate memory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
SELinux:  Could not load policy
file /etc/selinux/targeted/policy/policy.24:  Cannot allocate memory
/usr/sbin/load_policy:  Can't load policy:  Cannot allocate memory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
semodule:  Failed!

I rebooted and tried again to the same result.

I currently have selinux-policy (and -targeted) 3.6.12-69.fc11.  Well, I
tried the above again (move and reinstall of policy) and got the
following failure on the reinstall:

  Installing     : selinux-policy-3.6.12-69.fc11.noarch
1/4 
  Installing     : selinux-policy-targeted-3.6.12-69.fc11.noarch
2/4 
SELinux:  Could not load policy
file /etc/selinux/targeted/policy/policy.24:  Cannot allocate memory
/usr/sbin/load_policy:  Can't load policy:  Cannot allocate memory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsemanage.semanage_install_active: Could not
copy /etc/selinux/targeted/modules/active/policy.kern
to /etc/selinux/targeted/policy/policy.24. (No such file or directory).
semodule:  Failed!
  Installing     : setroubleshoot-2.1.14-2.fc11.i586
3/4 
  Installing     : policycoreutils-gui-2.0.62-12.12.fc11.i586
4/4 

So now I think I'm worse off than before.  How do I fix this?  By the
way, this server has 4 GB memory, so it's hard to believe I'm truly out
of memory.  Also, swap is not being used.  But if I look
in /var/log/messages, I see the following:

vmap allocation for size 3801088 failed: use vmalloc=<size> to increase
size.

How do I fix this, and just how bad is my selinux messed up?

            Thanks

              Eddie

More information about the fedora-selinux-list mailing list