Fix Memory Usage for file_(group)owner #13306
Conversation
jan-cerny
left a comment
There was a problem hiding this comment.
I have executed multiple test scenarios and the results are fine. Overall, the change looks good to me.
| <unix:user_id datatype="int" operation="equals" var_ref="var_file_owner{{{ FILEID }}}_{{{ own }}}_uid"></unix:user_id> | ||
| </unix:file_state> | ||
| {{% endfor %}} | ||
|
|
There was a problem hiding this comment.
I think that we could move the <unix:file_state id="symlink_file_owner{{{ FILEID }}}_{{{ loop.index0 }}}" version="1"> element out from the for loop because now it can generate multiple states that are identical and differ only by ID. For example, in build/rhel9/checks/oval/file_ownership_library_dirs.xml I see this:
<unix:file_state id="oval:ssg-symlink_file_ownership_library_dirs_0:ste:1" version="1" operator="AND">
<unix:type operation="equals">symbolic link</unix:type>
</unix:file_state>
<unix:file_state id="oval:ssg-symlink_file_ownership_library_dirs_1:ste:1" version="1" operator="AND">
<unix:type operation="equals">symbolic link</unix:type>
</unix:file_state>
<unix:file_state id="oval:ssg-symlink_file_ownership_library_dirs_2:ste:1" version="1" operator="AND">
<unix:type operation="equals">symbolic link</unix:type>
</unix:file_state>
<unix:file_state id="oval:ssg-symlink_file_ownership_library_dirs_3:ste:1" version="1" operator="AND">
<unix:type operation="equals">symbolic link</unix:type>
</unix:file_state>
|
Note that if you want to integrate this kind of testing into diff --git a/tests/install_vm.py b/tests/install_vm.py
index ae2c49524c..2030cf25df 100755
--- a/tests/install_vm.py
+++ b/tests/install_vm.py
@@ -360,8 +360,11 @@ def run_virt_install(data, command):
subprocess.call(command)
if data.console:
subprocess.call(["unbuffer", "virsh", "console", data.domain])
- wait_vm_not_running(data.domain)
- subprocess.call(["virsh", "start", data.domain])
+
+ wait_vm_not_running(data.domain)
+ for cmd in ["setmem", "setmaxmem"]:
+ subprocess.call(["virsh", cmd, data.domain, "2000M", "--config"])
+ subprocess.call(["virsh", "start", data.domain])
give_info(data)but it would mean always waiting for the installation to finish (the current behavior is to return immediately without The reason is that |
|
Aside from that, I've run a daily productization test run on this PR and it seems to have fixed all the issues, at least on VMs with 3 GB of RAM (that still showed problems with |
|
Code Climate has analyzed commit 06bdde4 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 61.9% (0.0% change). View more on Code Climate. |
jan-cerny
left a comment
There was a problem hiding this comment.
I have reviewed the generated OVAL checks for multiple rules using the file_groupowner and file_owner template. Then, I have run automatus tests.
Description:
Filter out complaint files help reduce memory footprint when scanning.
Rationale:
Make the content usable on all systems.
Fixes #13297
Review Hints:
Use Automatus on system that has <2000 MB of RAM.