Qubes Memory Allocation Slow?

alimirjamali · February 16, 2025, 8:50pm

What you see is most probably the notorious SELinux label bug which affects Fedora 41 templates. Most of the bugs are fixed in testing repositories. You could confirm it by switching to Fedora 40 or Debian templates and see if the issue remains or is solved. For more info:

github.com/QubesOS/qubes-issues

Memory ballooning issue is back for the fedora-41 template

opened 02:54PM - 21 Dec 24 UTC

lubellier

P: major C: Fedora needs diagnosis affects-4.2

### Qubes OS release Qubes OS 4.2.3 ### Brief summary The fedora-41 templ…ate based AppVMs stay to the minimal memory limit. Other users got also this issue, see [the related topic](https://forum.qubes-os.org/t/fedora-41-template-update-on-20-12-2024-makes-fedora-lag-severaely/30915) in the forum. ### Steps to reproduce 1. Update your fedora-41 template with the fedora and QubesOS repositories 2. Start the XX AppVM (with the fedora-41 template) 3. Check XX prefs are memory 400MB / maxmem 4000MB 4. Start Firefox and browse the web 5. The XX current memory stays to 400MB ### Expected behavior The XX current memory should grow over 400MB. ### Actual behavior Related to [Fedora 41 template / selinux](https://github.com/QubesOS/qubes-issues/issues/9244#issuecomment-2493813085) ### Done checks > > Is there any manual action we can do to fix an already installed template, or do we need to reinstall from this new template? > > Try removing `/.qubes-relabeled` in the template and restarting it - it should fix labels on startup; it may take some time, might require increasing `qrexec_timeout` property. I did the `/.qubes-relabeled` removing / `qrexec_timeout` procedure in the fedora-41 template, the relabel job executed and re-created the `/.qubes-relabeled` file as expected: fedora-41 logs: ``` [2024-12-21 14:34:23] [.[0m.[0;31m* .[0m] Job qubes-relabel-root.service/start running (3s / no limit) ... .[K[ .[0;31m*.[0;1;31m*.[0m.[0;31m* .[0m] Job qubes-relabel-root.service/start running (1min 9s / no limit) ... [2024-12-21 14:35:28] [ 71.312855] reboot: System halted ``` On next boot: ``` [user@tpl-f41 ~]$ ls -al /.qubes-relabeled -rw-r--r--. 1 root root 0 Dec 21 14:35 /.qubes-relabeled ``` Logs of the XX AppVM: ``` [2024-12-21 14:50:02] [ 35.492145] audit: type=1400 audit(1734792602.359:123): avc: denied { read } for pid=621 comm="qrexec-agent" name="meminfo-writer.pid" dev="tmpfs" ino=784 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0 ```

And if you follow my weekly updates review newsletters (on forum), you will find the technical details and related patches.