.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004
.TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation"
.SH "NAME"
avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace AVC statistics.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
.B #include <selinux/avc.h>
.sp
.BI "void avc_av_stats(void);"
.sp
.BI "void avc_sid_stats(void);"
.sp
.BI "void avc_cache_stats(struct avc_cache_stats *" stats ");"
.SH "DESCRIPTION"
The userspace AVC maintains two internal hash tables: one to store security IDs (SIDs) and one to cache access decisions.
.sp
.B avc_av_stats
and
.B avc_sid_stats
produce log messages indicating the status of the access decision and SID tables, respectively.  Each message reports the number of entries in the table, the number of hash buckets, the number of buckets in use, and the maximum number of entries in a single bucket.
.sp
.B avc_cache_stats
populates a structure whose fields reflect cache activity:
.sp
.RS
.ta 4n 14n
.nf
struct avc_cache_stats {
unsigned entry_lookups;
unsigned entry_hits;
unsigned entry_misses;
unsigned entry_discards;
unsigned cav_lookups;
unsigned cav_hits;
unsigned cav_probes;
unsigned cav_misses;
};
.fi
.ta
.RE
.TP
.I entry_lookups
Number of queries made.
.TP
.I entry_hits
Number of times a decision was found in the
.I aeref
argument (the entry reference passed to
.BR avc_has_perm (3)).
.TP
.I entry_misses
Number of times a decision was not found in the
.I aeref
argument.
.TP
.I entry_discards
Number of times a decision was not found in the
.I aeref
argument and the
.I aeref
argument was non-NULL.
.TP
.I cav_lookups
Number of cache lookups.
.TP
.I cav_hits
Number of cache hits.
.TP
.I cav_misses
Number of cache misses.
.TP
.I cav_probes
Number of entries examined while searching the cache.
.SH "NOTES"
When the cache is flushed as a result of a call to
.B avc_reset
or a policy change notification,
the statistics returned by
.B avc_cache_stats
are reset to zero. The SID table, however, is left
unchanged.
.sp
When a policy change notification is received, a call to
.B avc_av_stats
is made before the cache is flushed.
.SH "AUTHOR"
Eamon Walsh <ewalsh@epoch.ncsc.mil>
.SH "SEE ALSO"
.BR avc_init (3),
.BR avc_has_perm (3),
.BR avc_context_to_sid (3),
.BR avc_add_callback (3)