解决ld-linux.so大量占用CPU
注: 这是在低版本上的Adobe Reader导致的, 较新版本可能已经无此问题. — Zhiqiang Ma on Oct. 29, 2011
在我这边是因为adobe reader导致的.
我解决的方法是这样子的:
1. 复制一份libgtkembedmoz.so并认reader使用它, 这个在preferrence中找到设置一下就可以了, 我是从thunderbird中找到的.
2. #setsebool -P allow_execheap=1
关于这个的相关解释如下
*************************************************************
The following error pops up in setroubleshooter when opening a PDF form with Adobe Reader 8.1.2 on a Fedora 8 system with SELinux in enforcing mode. It looks like an Adobe Reader issue. If Reader is opened again the alert will not appear until you toggle form highlighting on/off and restart Reader.
Summary:
SELinux is preventing ld-linux.so.2 from changing the access protection of
memory on the heap.
Detailed Description:
The ld-linux.so.2 application attempted to change the access protection of
memory on the heap (e.g., allocated using malloc). This is a potential security
problem. Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. If ld-linux.so.2 does not work and you need it to work,
you can configure SELinux temporarily to allow this access until the application
is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Allowing Access:
If you want ld-linux.so.2 to continue, you must turn on the allow_execheap
boolean. Note: This boolean will affect all applications on the system.
The following command will allow this access:
setsebool -P allow_execheap=1
Additional Information:
Source Context unconfined_u:system_r:unconfined_t:SystemLow-
SystemHigh
Target Context unconfined_u:system_r:unconfined_t:SystemLow-
SystemHigh
Target Objects None [ process ]
Source ld-linux.so.2
Source Path /lib/ld-2.7.so
Port
Host localhost.localdomain
Source RPM Packages glibc-2.7-2
Target RPM Packages
Policy RPM selinux-policy-3.0.8-101.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_execheap
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.24.5-85.fc8 #1 SMP
Sat Apr 19 12:39:34 EDT 2008 i686 athlon
Alert Count 40
First Seen Sun 04 May 2008 06:28:51 PM EDT
Last Seen Sun 11 May 2008 09:28:06 PM EDT
Local ID ba2bc4c2-4eb7-490e-94c6-3a5caa6ea481
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1210555686.596:57): avc: denied { execheap } for pid=5638 comm=”ld-linux.so.2″ scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process
host=localhost.localdomain type=SYSCALL msg=audit(1210555686.596:57): arch=40000003 syscall=125 success=no exit=-13 a0=612d000 a1=873000 a2=5 a3=bf8c4620 items=0 ppid=1 pid=5638 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm=”ld-linux.so.2″ exe=”/lib/ld-2.7.so” subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)
========================================
Fedora 10下:
firefox中打开flash或pdf时会发现nsviewer占用大量CPU
其实干掉它就可以了
#yum erase nspluginwraper
