grep -i pss /proc/*/smaps
Permission denied for most /proc/<pid>/smaps files. Each failure is logged by auditd, creating thousands of audit records and rapidly filling /var/log/audit. This triggers incident tickets and potential system impact./proc/<pid>/smaps is part of the Linux virtual filesystem. While ls -l shows -r--r--r--, access is controlled by kernel security settings, not just file mode.Hardened environments often enforce:
kernel.yama.ptrace_scope=1 or 2 (restricts reading other processes’ memory maps)./proc mounted with hidepid=1 or 2 (hides process details from non-root users).cat /proc/mounts | grep /proc cat /proc/sys/kernel/yama/ptrace_scope cat /proc/sys/kernel/hidepidhidepid > 0 or ptrace_scope > 0 then a hardened environment is confirmed.Several resolutions are available for this issue.
Resolution 1
Disable the "OS And Instance Statistics" collection for the Oracle database agent.
Refer to Knowledgebase article 4309218 for details on how to disable a specific database agent collection.
Resolution 2
Suppress the audit noise (requires security approval):
auditctl -a never,exit -F exe=/usr/bin/grep -F auid=<foglight_uid>
Resolution 3
Run the OS user as sudo.
Note: This may still generate a lot of I/O and potentially audit “success” records depending on audit rules.
Resolution 4
For Oracle cartridges at 7.3.1.10 or higher, turn off the Oracle memory monitoring as described in Knowledgebase article 4378626.