CentOS – semanage – Adding Custom Port Fails

centos selinux

I recently upgraded one of my application servers to CentOS 6(.2) and was getting it ready for production use when I came across the following issue: whenever I try to add a custom http port by way of semanage, I keep getting the following error messages:

libsemanage.semanage_exec_prog: Child process /sbin/setfiles did not exit cleanly.
libsemanage.semanage_install_active: setfiles returned error code -1.
libsemanage.semanage_exec_prog: Child process /sbin/setfiles did not exit cleanly.
libsemanage.semanage_install_active: setfiles returned error code -1.
/usr/sbin/semanage: Could not commit semanage transaction

The command I am trying to run:

semanage port -a -t http_port_t -p tcp 27960

Current kernel:

 2.6.32-220.4.1.el6.x86_64 #1 SMP Tue Jan 24 02:13:44 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux

Current policycoreutils-python:

2.0.83-19.18.el6

And finally, current selinux settings:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Has anyone come across this issue before? If so, how did you resolve it?

Thanks in advance

— Edit —

I checked /var/log/messages and it looks like semanage is failing due to "kernel: Out of memory: Kill process 1648 (semanage) score 769 or sacrifice child". This is odd because I have a near-exact clone (on linode.com) with the same cpu/mem specs and the command runs fine.

free -t -m on server where semanage keeps failing:

             total       used       free     shared    buffers     cached
Mem:           489         79        410          0          0         11
-/+ buffers/cache:         67        422
Swap:            0          0          0
Total:         489         79        410

Best Answer

Had a very similar problem on Digital Ocean. Some VM hosts (Digital Ocean, AWS, Rackspace) may NOT have swap space enabled by default, which apparently causes semanage to get killed.

On the CentOS 7 VMs that I've played with, semanage needed 300 to 400 MB of free RAM before executing the command, to run successfully without getting killed.
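
A diagnostic for the failure described in the question and answer, added here as an example and not part of the original posts: it checks a syslog file for the OOM kill of semanage and reads a /proc/meminfo-format file for configured swap and memory headroom. The function names, verdict words and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: was semanage OOM-killed, and is swap the missing piece?

# headroom_mb FILE: RAM the kernel can hand out plus free swap, in MB, from
# a /proc/meminfo-format file. Falls back to MemFree+Buffers+Cached when
# MemAvailable is absent, as on the 2.6.32 kernel in the question.
headroom_mb() {
    awk '$1 == "MemAvailable:" { avail = $2; have = 1 }
         $1 == "MemFree:"      { free = $2 }
         $1 == "Buffers:"      { buf = $2 }
         $1 == "Cached:"       { cache = $2 }
         $1 == "SwapFree:"     { swap = $2 }
         END { ram = have ? avail : free + buf + cache
               printf "%d\n", (ram + swap) / 1024 }' "$1"
}

# swap_total_mb FILE: configured swap in MB (0 means no swap at all).
swap_total_mb() {
    awk '$1 == "SwapTotal:" { printf "%d\n", $2 / 1024; found = 1 }
         END { if (!found) print 0 }' "$1"
}

# diagnose LOG MEMINFO: print a verdict word plus the current headroom.
# "Kill process" is the wording quoted in the question; newer kernels
# log "Killed process", so the pattern accepts both.
diagnose() {
    if ! grep -Eq 'Out of memory: Kill(ed)? process [0-9]+ \(semanage\)' "$1"; then
        verdict=no-oom
    elif [ "$(swap_total_mb "$2")" -eq 0 ]; then
        verdict=oom-no-swap
    else
        verdict=oom-with-swap
    fi
    echo "$verdict headroom=$(headroom_mb "$2")MB"
}

# demo: constructed inputs modelled on the question (timestamp, hostname
# and kB figures are sample values, not captured data).
demo() {
    d=$(mktemp -d) || return 1
    echo 'Feb  1 12:00:00 host kernel: Out of memory: Kill process 1648 (semanage) score 769 or sacrifice child' > "$d/messages"
    printf '%s\n' 'MemTotal: 500736 kB' 'MemFree: 419840 kB' 'Buffers: 0 kB' \
        'Cached: 11264 kB' 'SwapTotal: 0 kB' 'SwapFree: 0 kB' > "$d/meminfo"
    diagnose "$d/messages" "$d/meminfo"
    rm -rf "$d"
}

# With --live, read the real files (needs read access to /var/log/messages).
if [ "${1:-}" = "--live" ]; then diagnose /var/log/messages /proc/meminfo; else demo; fi
```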