diff options
| author | Eric Paris <eparis@redhat.com> | 2012-04-03 12:37:02 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-04-03 12:48:40 -0400 |
| commit | 3b3b0e4fc15efa507b902d90cea39e496a523c3b (patch) | |
| tree | d7b91c21ad6c6f4ac21dd51297b74eec47c61684 /security/selinux/include | |
| parent | 95694129b43165911dc4e8a972f0d39ad98d86be (diff) | |
LSM: shrink sizeof LSM specific portion of common_audit_data
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/avc.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 005a91bcb200..fa13f17ce0ff 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h | |||
| @@ -46,6 +46,22 @@ struct avc_cache_stats { | |||
| 46 | unsigned int frees; | 46 | unsigned int frees; |
| 47 | }; | 47 | }; |
| 48 | 48 | ||
| 49 | struct selinux_audit_data { | ||
| 50 | u32 ssid; | ||
| 51 | u32 tsid; | ||
| 52 | u16 tclass; | ||
| 53 | u32 requested; | ||
| 54 | u32 audited; | ||
| 55 | u32 denied; | ||
| 56 | /* | ||
| 57 | * auditdeny is a bit tricky and unintuitive. See the | ||
| 58 | * comments in avc.c for it's meaning and usage. | ||
| 59 | */ | ||
| 60 | u32 auditdeny; | ||
| 61 | struct av_decision *avd; | ||
| 62 | int result; | ||
| 63 | }; | ||
| 64 | |||
| 49 | /* | 65 | /* |
| 50 | * AVC operations | 66 | * AVC operations |
| 51 | */ | 67 | */ |