a h @sdddlZddlZddlmZddlTddlZddlmZddl m Z ej Z GdddejZdS) N)base)*) exceptions)commandscsheZdZdZeddZfddZeddZdd Zd d Z e d d dZ e d ddZ ZS) SelinuxPlugina Plug-in for tuning SELinux options. SELinux decisions, such as allowing or denying access, are cached. This cache is known as the Access Vector Cache (AVC). When using these cached decisions, SELinux policy rules need to be checked less, which increases performance. The [option]`avc_cache_threshold` option allows adjusting the maximum number of AVC entries. NOTE: Prior to changing the default value, evaluate the system performance with care. Increasing the value could potentially decrease the performance by making AVC slow. .Increase the AVC cache threshold for hosts with containers. ==== ---- [selinux] avc_cache_threshold=8192 ---- ==== cCs(d}tj|s$d}tj|s$d}|S)Nz/sys/fs/selinuxz/selinux)ospathexists)selfr r @/usr/lib/python3.9/site-packages/tuned/plugins/plugin_selinux.py_get_selinux_path"s   zSelinuxPlugin._get_selinux_pathcsTt|_||_|jdur&tdtj|jdd|_ t t |j |i|dS)NzFSELinux is not enabled on your system or incompatible version is used.ZavcZcache_threshold) r_cmdrZ _selinux_pathrZNotSupportedPluginExceptionrr join_cache_threshold_pathsuperr__init__)r argskwargs __class__r r r+s    zSelinuxPlugin.__init__cCsddiS)Navc_cache_thresholdr )r r r r _get_config_options3sz!SelinuxPlugin._get_config_optionscCsd|_d|_dS)NTF)Z_has_static_tuningZ_has_dynamic_tuningr instancer r r _instance_init9szSelinuxPlugin._instance_initcCsdS)Nr rr r r _instance_cleanup=szSelinuxPlugin._instance_cleanuprcCsL|dur dSt|}|dkrD|s@|jj|j||r8tjgndd|SdSdS)NrF)Zno_error)intrZ write_to_filererrnoENOENT)r valuerZsimremoveZ thresholdr r r _set_avc_cache_threshold@s z&SelinuxPlugin._set_avc_cache_thresholdcCs&|j|j}t|dkr"t|SdS)Nr)rZ read_filerlenr)r rr!r r r _get_avc_cache_thresholdMs z&SelinuxPlugin._get_avc_cache_threshold)__name__ __module__ __qualname____doc__ classmethodrrrrrZ command_setr#Z command_getr% __classcell__r r rr r s    r)rrrZ decoratorsZ tuned.logsZtunedZ tuned.pluginsrZtuned.utils.commandsrZlogsgetlogZPluginrr r r r s