diff options
author | Eric Paris <eparis@redhat.com> | 2012-04-03 09:37:02 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-04-03 09:48:40 -0700 |
commit | 3b3b0e4fc15efa507b902d90cea39e496a523c3b (patch) | |
tree | d7b91c21ad6c6f4ac21dd51297b74eec47c61684 /security/selinux/include | |
parent | 95694129b43165911dc4e8a972f0d39ad98d86be (diff) | |
download | op-kernel-dev-3b3b0e4fc15efa507b902d90cea39e496a523c3b.zip op-kernel-dev-3b3b0e4fc15efa507b902d90cea39e496a523c3b.tar.gz |
LSM: shrink sizeof LSM specific portion of common_audit_data
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/avc.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 005a91b..fa13f17 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h @@ -46,6 +46,22 @@ struct avc_cache_stats { unsigned int frees; }; +struct selinux_audit_data { + u32 ssid; + u32 tsid; + u16 tclass; + u32 requested; + u32 audited; + u32 denied; + /* + * auditdeny is a bit tricky and unintuitive. See the + * comments in avc.c for it's meaning and usage. + */ + u32 auditdeny; + struct av_decision *avd; + int result; +}; + /* * AVC operations */ |