Skip to content

Using YARA scanning process in a container led to OOM due to the generation of a large amount of cache. #2059

New issue
New issue
Open
Open
Using YARA scanning process in a container led to OOM due to the generation of a large amount of cache.#2059
Labels
bug
@touyudexiaomao

Description

@touyudexiaomao
touyudexiaomao
opened on Mar 27, 2024

Describe the bug
I created a container with a maximum memory limit of 1GB. I started a process A inside the container, which uses the YARA API to scan other processes.
During the YARA scanning process, a large amount of cache is generated due to intensive I/O operations.
As a result, the sum of RSS (200M) and cache (900M) of all processes in the container exceeded 1GB, leading to the OOM kill of process A.

Expected behavior
Can YARA be controlled through parameters to perform I/O operations in direct I/O mode?

Please complete the following information:

  • OS: centos 3.10.0-957.el7.x86_64
  • YARA version: 4.3.2

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions