ld-linux.so Taking High CPU Usage Caused by Adobe Reader


注: 这是在低版本上的Adobe Reader导致的, 较新版本可能已经无此问题. — Zhiqiang Ma on Oct. 29, 2011

在我这边是因为adobe reader导致的.


1. 复制一份libgtkembedmoz.so并认reader使用它, 这个在preferrence中找到设置一下就可以了, 我是从thunderbird中找到的.

2. #setsebool -P allow_execheap=1

The following error pops up in setroubleshooter when opening a PDF form with Adobe Reader 8.1.2 on a Fedora 8 system with SELinux in enforcing mode. It looks like an Adobe Reader issue. If Reader is opened again the alert will not appear until you toggle form highlighting on/off and restart Reader.


SELinux is preventing ld-linux.so.2 from changing the access protection of
memory on the heap.

Detailed Description:

The ld-linux.so.2 application attempted to change the access protection of
memory on the heap (e.g., allocated using malloc). This is a potential security
problem. Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. If ld-linux.so.2 does not work and you need it to work,
you can configure SELinux temporarily to allow this access until the application
is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Allowing Access:

If you want ld-linux.so.2 to continue, you must turn on the allow_execheap
boolean. Note: This boolean will affect all applications on the system.

The following command will allow this access:

setsebool -P allow_execheap=1

Additional Information:

Source Context unconfined_u:system_r:unconfined_t:SystemLow-
Target Context unconfined_u:system_r:unconfined_t:SystemLow-
Target Objects None [ process ]
Source ld-linux.so.2
Source Path /lib/ld-2.7.so
Host localhost.localdomain
Source RPM Packages glibc-2.7-2
Target RPM Packages
Policy RPM selinux-policy-3.0.8-101.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_execheap
Host Name localhost.localdomain
Platform Linux localhost.localdomain #1 SMP
Sat Apr 19 12:39:34 EDT 2008 i686 athlon
Alert Count 40
First Seen Sun 04 May 2008 06:28:51 PM EDT
Last Seen Sun 11 May 2008 09:28:06 PM EDT
Local ID ba2bc4c2-4eb7-490e-94c6-3a5caa6ea481
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1210555686.596:57): avc: denied { execheap } for pid=5638 comm=”ld-linux.so.2″ scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process

host=localhost.localdomain type=SYSCALL msg=audit(1210555686.596:57): arch=40000003 syscall=125 success=no exit=-13 a0=612d000 a1=873000 a2=5 a3=bf8c4620 items=0 ppid=1 pid=5638 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm=”ld-linux.so.2″ exe=”/lib/ld-2.7.so” subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Fedora 10下:

#yum erase nspluginwraper

Eric Ma

Eric is a systems guy. Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

Leave a Reply

Your email address will not be published. Required fields are marked *