Skip to content

fix: uniqMcs use all cpu#246

Open
ningmingxiao wants to merge 1 commit intoopencontainers:mainfrom
ningmingxiao:dev03
Open

fix: uniqMcs use all cpu#246
ningmingxiao wants to merge 1 commit intoopencontainers:mainfrom
ningmingxiao:dev03

Conversation

@ningmingxiao
Copy link
Copy Markdown
Contributor

@ningmingxiao ningmingxiao commented Nov 25, 2025
edited
Loading

fix #247

@ningmingxiao ningmingxiao mentioned this pull request Nov 26, 2025
Open
@ningmingxiao ningmingxiao mentioned this pull request Dec 1, 2025
Closed
@ningmingxiao ningmingxiao force-pushed the dev03 branch 4 times, most recently from 931123f to c28240d Compare December 1, 2025 07:08
@zzzzzzzzzy9 zzzzzzzzzy9 mentioned this pull request Dec 4, 2025
Open
kolyshkin
kolyshkin reviewed Mar 16, 2026
View reviewed changes
Comment thread go-selinux/label/label_linux_test.go Outdated
kolyshkin
kolyshkin reviewed Mar 16, 2026
View reviewed changes
Comment thread go-selinux/selinux_linux.go Outdated
@ningmingxiao ningmingxiao force-pushed the dev03 branch 2 times, most recently from d083957 to 4567cb2 Compare March 17, 2026 02:01
@rhatdan
Copy link
Copy Markdown
Collaborator

rhatdan commented Mar 23, 2026

LGTM

kolyshkin
kolyshkin reviewed Mar 23, 2026
View reviewed changes
Comment thread go-selinux/label/label_linux.go Outdated
kolyshkin
kolyshkin reviewed Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we need to change the public API to add error reporting to, say, selinux.ContainerLabels (and similar functions using addMcs/uniqMcs)?
Keep the old functions for backward compatibility but deprecate those?

@ningmingxiao
Copy link
Copy Markdown
Contributor Author

ningmingxiao commented Mar 25, 2026

Maybe we need to change the public API to add error reporting to, say, selinux.ContainerLabels (and similar functions using addMcs/uniqMcs)? Keep the old functions for backward compatibility but deprecate those?

I afraid user have to adapt to the new interface and we can't let user know old interface is deprecate. @kolyshkin

@rhatdan
Copy link
Copy Markdown
Collaborator

rhatdan commented Apr 24, 2026

Needs a rebase. @ningmingxiao still working on this one?

@ningmingxiao ningmingxiao force-pushed the dev03 branch 2 times, most recently from c63efca to a76e7fe Compare April 24, 2026 13:51
@ningmingxiao
Copy link
Copy Markdown
Contributor Author

ningmingxiao commented Apr 24, 2026

done thanks @rhatdan

kolyshkin
kolyshkin requested changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, what we need to do here is move selinux.ContainerLabels (and selinux.ContainerLabelsSize) into an internal package. It looks like no one is using selinux.ContainerLabels -- the only user is `label.InitLabels. Means we can move it to internal and then do whatever we want to. See #247 (comment) for details.

@ningmingxiao ningmingxiao force-pushed the dev03 branch 10 times, most recently from ae0f8db to 936fe01 Compare April 27, 2026 05:55
@ningmingxiao
Copy link
Copy Markdown
Contributor Author

ningmingxiao commented Apr 27, 2026

done @kolyshkin

@ningmingxiao ningmingxiao force-pushed the dev03 branch 11 times, most recently from fed9a1b to 946445b Compare April 27, 2026 08:27
kolyshkin
kolyshkin reviewed Apr 27, 2026
View reviewed changes
Comment thread go-selinux/label/label_linux_test.go Outdated
kolyshkin
kolyshkin reviewed Apr 27, 2026
View reviewed changes
Comment thread go-selinux/label/label_linux_test.go Outdated
if i == 19 {
if err == nil {
t.Fatal("err should not be nil")
} else if !strings.Contains(err.Error(), "SELinux label exhaustion") {
Copy link
Copy Markdown
Collaborator

@kolyshkin kolyshkin Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should you do if !errors.Is(err, ErrMCSExhausted)?

kolyshkin
kolyshkin reviewed Apr 28, 2026
View reviewed changes
Comment thread go-selinux/selinux_linux.go
xattrNameSelinux = "security.selinux"
)

var maxSelinuxLabelSize = int(CategoryRange * (CategoryRange - 1) / 2)
Copy link
Copy Markdown
Collaborator

@kolyshkin kolyshkin Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alas, CategoryRange can be (and is) changed by any other package.

I'm fixing this issue in #262 by introducing SetCategoryRange and deprecating CategoryRange.

Copy link
Copy Markdown
Contributor Author

@ningmingxiao ningmingxiao Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can merge 262 into main I will rebase it @kolyshkin

kolyshkin
kolyshkin reviewed Apr 28, 2026
View reviewed changes
Comment thread go-selinux/selinux.go
// ReserveLabel reserves the MLS/MCS level component of the specified label
//
// Deprecated: Use ReserveLabelV2 instead.
func ReserveLabel(label string) {
Copy link
Copy Markdown
Collaborator

@kolyshkin kolyshkin Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have any external users?

Yes we do; plenty.

kolyshkin
kolyshkin reviewed Apr 28, 2026
View reviewed changes
Comment thread go-selinux/selinux.go Outdated
kolyshkin
kolyshkin reviewed Apr 28, 2026
View reviewed changes
Comment thread go-selinux/selinux_linux.go Outdated
@ningmingxiao
fix: uniqMcs use all cpu
92104a8 
Signed-off-by: ningmingxiao <ning.mingxiao@zte.com.cn>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolyshkin kolyshkin kolyshkin requested changes

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@rhatdan rhatdan Awaiting requested review from rhatdan rhatdan is a code owner

@runcom runcom Awaiting requested review from runcom runcom is a code owner

@thaJeztah thaJeztah Awaiting requested review from thaJeztah thaJeztah is a code owner

@cyphar cyphar Awaiting requested review from cyphar cyphar is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

uniqMcs use 100% cpu

3 participants

@ningmingxiao @rhatdan @kolyshkin