FIXED Re: semodule returns "cannot allocate memory"

Daniel J Walsh dwalsh at redhat.com
Mon Aug 3 11:40:10 UTC 2009 

On 08/02/2009 06:06 PM, Edward Kuns wrote:
> On Sun, 2009-08-02 at 15:39 -0500, Edward Kuns wrote:
>> [root at kilroy policy]# semodule -i mymailman.pp
>> SELinux:  Could not load policy
>> file /etc/selinux/targeted/policy/policy.24:  Cannot allocate memory
>> /usr/sbin/load_policy:  Can't load policy:  Cannot allocate memory
>> libsemanage.semanage_reload_policy: load_policy returned error code 2.
>> SELinux:  Could not load policy
>> file /etc/selinux/targeted/policy/policy.24:  Cannot allocate memory
>> /usr/sbin/load_policy:  Can't load policy:  Cannot allocate memory
>> libsemanage.semanage_reload_policy: load_policy returned error code 2.
>> semodule:  Failed!
> 
> I managed to fix this myself.  I edited grub.conf and added the
> following to the end of my kernel's line:
> 
>           vmalloc=192M
> 
> then rebooted.  After rebooting I thoroughly cleaned things out:
> 
> # cd /etc/selinux
> # yum erase selinux-policy selinux-policy-targeted
> # mv targeted targeted.old
> # yum install selinux-policy selinux-policy-targeted setroubleshoot \
>        policycoreutils-gui
> 
> and this time it worked and installed cleanly.  I was then able to go
> add my two custom policies.
> 
> I recently changed video cards (since the old one blew itself up) and
> since nouveau misbehaved so badly in this instance and then again with
> the new video card, I changed back to the nvidia drivers.  I suppose
> this could have caused my system to make greater use of the "vmalloc"
> area. But does this indicate that policy is getting too large?  Or does
> this indicate that something is funny with my system?  Or perhaps that
> more and more people are going to be running into the default 128M limit
> and this needs to be raised?
> 
semodule is now compressing the policy at install time, so this is using more memory then it did before. 
But the size of policy has grown, but not to the extent to cause huge problems.  
>          Thanks
> 
>            Eddie
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list