LSM: shrink sizeof LSM specific portion of common_audit_data Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 3b3b0e4fc15efa507b902d90cea39e496a523c3b [log] [tgz]
author: Eric Paris <eparis@redhat.com> Tue Apr 03 09:37:02 2012 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Tue Apr 03 09:48:40 2012 -0700
tree: d7b91c21ad6c6f4ac21dd51297b74eec47c61684
parent: 95694129b43165911dc4e8a972f0d39ad98d86be [diff] [blame]
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 005a91b..fa13f17 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h

@@ -46,6 +46,22 @@
 	unsigned int frees;
 };
 
+struct selinux_audit_data {
+	u32 ssid;
+	u32 tsid;
+	u16 tclass;
+	u32 requested;
+	u32 audited;
+	u32 denied;
+	/*
+	 * auditdeny is a bit tricky and unintuitive.  See the
+	 * comments in avc.c for it's meaning and usage.
+	 */
+	u32 auditdeny;
+	struct av_decision *avd;
+	int result;
+};
+
 /*
  * AVC operations
  */
commit	3b3b0e4fc15efa507b902d90cea39e496a523c3b	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Tue Apr 03 09:37:02 2012 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Tue Apr 03 09:48:40 2012 -0700
tree	d7b91c21ad6c6f4ac21dd51297b74eec47c61684
parent	95694129b43165911dc4e8a972f0d39ad98d86be [diff] [blame]