1avc_cache_stats(3)         SELinux API documentation        avc_cache_stats(3)
2
3
4

NAME

6       avc_cache_stats, avc_av_stats, avc_sid_stats - obtain userspace SELinux
7       AVC statistics
8

SYNOPSIS

10       #include <selinux/selinux.h>
11       #include <selinux/avc.h>
12
13       void avc_av_stats(void);
14
15       void avc_sid_stats(void);
16
17       void avc_cache_stats(struct avc_cache_stats *stats);
18

DESCRIPTION

20       The userspace AVC maintains two internal  hash  tables,  one  to  store
21       security ID's and one to cache access decisions.
22
23       avc_av_stats()  and avc_sid_stats() produce log messages indicating the
24       status of the access decision and SID tables, respectively.   The  mes‐
25       sages  contain the number of entries in the table, number of hash buck‐
26       ets and number of buckets used, and maximum number of entries in a sin‐
27       gle bucket.
28
29       avc_cache_stats()  populates  a  structure  whose  fields reflect cache
30       activity:
31
32              struct avc_cache_stats {
33                  unsigned  entry_lookups;
34                  unsigned  entry_hits;
35                  unsigned  entry_misses;
36                  unsigned  entry_discards;
37                  unsigned  cav_lookups;
38                  unsigned  cav_hits;
39                  unsigned  cav_probes;
40                  unsigned  cav_misses;
41              };
42
43
44       entry_lookups
45              Number of queries made.
46
47       entry_hits
48              Number of times a decision was found in the aeref argument.
49
50       entry_misses
51              Number of times a decision was not found in the aeref argument.
52
53       entry_discards
54              Number of times a decision was not found in the  aeref  argument
55              and the aeref argument was non-NULL.
56
57       cav_lookups
58              Number of cache lookups.
59
60       cav_hits
61              Number of cache hits.
62
63       cav_misses
64              Number of cache misses.
65
66       cav_probes
67              Number of entries examined while searching the cache.
68

NOTES

70       When  the  cache  is  flushed as a result of a call to avc_reset() or a
71       policy   change    notification,    the    statistics    returned    by
72       avc_cache_stats()  are  reset to zero.  The SID table, however, is left
73       unchanged.
74
75       When a policy change notification is received, a call to avc_av_stats()
76       is made before the cache is flushed.
77

AUTHOR

79       Eamon Walsh <ewalsh@tycho.nsa.gov>
80

SEE ALSO

82       avc_init(3), avc_has_perm(3), avc_context_to_sid(3),
83       avc_add_callback(3), selinux(8)
84
85
86
87                                  27 May 2004               avc_cache_stats(3)
Impressum