pr feedback: add comment for mutex lock, sizeKB debug field name

Signed-off-by: Maksim An <[email protected]>

Author: anmaxvl

internal/guest/runtime/hcsv2/spec.go

@@ -197,7 +197,7 @@ func applyAnnotationsToSpec(ctx context.Context, spec *oci.Spec) error {
 		}
 		spec.Mounts = removeMount("/dev/shm", spec.Mounts)
 		spec.Mounts = append(spec.Mounts, *mt)
-		log.G(ctx).WithField("size in KB", val).Debug("set custom /dev/shm size")
+		log.G(ctx).WithField("sizeKB", val).Debug("set custom /dev/shm size")
 	}
 
 	// Check if we need to do any capability/device mappings

pkg/securitypolicy/securitypolicyenforcer.go

@@ -590,6 +590,7 @@ func envIsMatchedByRule(envVariable string, rules []EnvRuleConfig) bool {
 	return false
 }
 
+// StandardSecurityPolicyEnforcer.mutex lock must be held prior to calling this function.
 func (pe *StandardSecurityPolicyEnforcer) expandMatchesForContainerIndex(index int, idToAdd string) {
 	_, keyExists := pe.ContainerIndexToContainerIds[index]
 	if !keyExists {
@@ -599,6 +600,7 @@ func (pe *StandardSecurityPolicyEnforcer) expandMatchesForContainerIndex(index i
 	pe.ContainerIndexToContainerIds[index][idToAdd] = struct{}{}
 }
 
+// StandardSecurityPolicyEnforcer.mutex lock must be held prior to calling this function.
 func (pe *StandardSecurityPolicyEnforcer) narrowMatchesForContainerIndex(index int, idToRemove string) {
 	delete(pe.ContainerIndexToContainerIds[index], idToRemove)
 }
@@ -620,6 +622,7 @@ func equalForOverlay(a1 []string, a2 []string) bool {
 	return true
 }
 
+// StandardSecurityPolicyEnforcer.mutex lock must be held prior to calling this function.
 func (pe *StandardSecurityPolicyEnforcer) possibleIndicesForID(containerID string) []int {
 	var possibleIndices []int
 	for index, ids := range pe.ContainerIndexToContainerIds {