42 lines
1.6 KiB
Diff
42 lines
1.6 KiB
Diff
From 30ccb9a3e6ce3f5abddde99e2c9c527738806609 Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Thu, 11 Sep 2025 21:03:37 +0100
|
|
Subject: [PATCH] daemon/selinux.ml: Use setfiles -A option to reduce memory
|
|
usage
|
|
|
|
In filesystems that have many millions of files, the default behaviour
|
|
of setfiles is to build a huge hash table containing every filename.
|
|
This uses up lots of memory which prevents relabelling from happening
|
|
in the reduced memory environment of the libguestfs appliance.
|
|
|
|
I added the setfiles -A option to change this default behaviour. If
|
|
setfiles has the option then use it.
|
|
|
|
Fixes: https://issues.redhat.com/browse/RHEL-114292
|
|
Related: https://issues.redhat.com/browse/RHEL-111165
|
|
Related: https://issues.redhat.com/browse/RHEL-111505
|
|
---
|
|
daemon/selinux.ml | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/daemon/selinux.ml b/daemon/selinux.ml
|
|
index 19da2c8a5..2b49e5eba 100644
|
|
--- a/daemon/selinux.ml
|
|
+++ b/daemon/selinux.ml
|
|
@@ -73,6 +73,12 @@ let setfiles ?(force = false) specfile paths =
|
|
*)
|
|
if setfiles_has_option 'C' then List.push_back args "-C";
|
|
|
|
+ (* Use the -A option if available to reduce the amount of memory
|
|
+ * used in filesystems with millions of files
|
|
+ * See: https://issues.redhat.com/browse/RHEL-111505
|
|
+ *)
|
|
+ if setfiles_has_option 'A' then List.push_back args "-A";
|
|
+
|
|
(* If the appliance is being run with multiple vCPUs, running setfiles
|
|
* in multithreading mode might speed up the process. Option "-T" was
|
|
* introduced in SELinux userspace v3.4, and we need to check whether it's
|
|
--
|
|
2.47.1
|
|
|