From 30ccb9a3e6ce3f5abddde99e2c9c527738806609 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Thu, 11 Sep 2025 21:03:37 +0100
Subject: [PATCH] daemon/selinux.ml: Use setfiles -A option to reduce memory usage In filesystems that have many millions of files, the default behaviour of setfiles is to build a huge hash table containing every filename. This uses up lots of memory which prevents relabelling from happening in the reduced memory environment of the libguestfs appliance. I added the setfiles -A option to change this default behaviour. If setfiles has the option then use it.
Fixes: https://issues.redhat.com/browse/RHEL-114292
Related: https://issues.redhat.com/browse/RHEL-111165
Related: https://issues.redhat.com/browse/RHEL-111505
---
daemon/selinux.ml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/daemon/selinux.ml b/daemon/selinux.ml
index 19da2c8a5..2b49e5eba 100644
--- a/daemon/selinux.ml
+++ b/daemon/selinux.ml
@@ -73,6 +73,12 @@ let setfiles ?(force = false) specfile paths =
*) if setfiles_has_option 'C' then List.push_back args "-C";
+ (* Use the -A option if available to reduce the amount of memory
+ * used in filesystems with millions of files
+ * See: https://issues.redhat.com/browse/RHEL-111505
+ *)
+ if setfiles_has_option 'A' then List.push_back args "-A";
+ (* If the appliance is being run with multiple vCPUs, running setfiles * in multithreading mode might speed up the process. Option "-T" was * introduced in SELinux userspace v3.4, and we need to check whether it's
-- 2.47.1
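Review bot: The new comment above `if setfiles_has_option 'A'` records the memory saving but not what is given up for it. The commit message says the default builds a hash table of every filename; as far as I can tell that table is what lets setfiles notice a multiply-linked inode matching conflicting specifications, so with -A such conflicts would presumably go unreported during relabelling, which is worth confirming against the setfiles man page. I would add a line to the comment such as `* Note: this turns off per-file tracking, so conflicting labels on hard-linked files may not be reported.` The comment also cites RHEL-111505 while the commit's Fixes: trailer names RHEL-114292; citing the fixed issue would make the trail easier to follow. The body of setfiles starts and ends outside this hunk.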