On Fri, Aug 23, 2019 at 01:41:58PM +0900, Ryota Ozaki wrote: > A workaround for the issue is: > cp /usr/bin/vmstat ./vmstat > $HIJACKING ./vmstat > rm -f ./vmstat > > It's awkward but it's reasonable for now. A proper fix would > be to stop using kvm(3) for vmstat and drop the sgid bit from > the binary.
Wow, good catch! > I guess on most anita environments leak checks pass just in luck > because the environment normally doesn't communicate with outside > and there are no L2 caches. OTOH on baremetal environments there > can be active L2 caches, which makes the leak checks fail. Sounds like a good explanation. Martin