3 À<×e ã@sdddlZddlZddlmZddlTddlZddlmZddl m Z ej j ƒZ Gdd„dejƒZdS) éNé)Úbase)Ú*)Ú exceptions)ÚcommandscsheZdZdZedd„ƒZ‡fdd„Zedd„ƒZdd „Zd d „Z e d ƒd d„ƒZ e d ƒdd„ƒZ ‡ZS)Ú SelinuxPlugina° `selinux`:: Plug-in for tuning SELinux options. + SELinux decisions, such as allowing or denying access, are cached. This cache is known as the Access Vector Cache (AVC). When using these cached decisions, SELinux policy rules need to be checked less, which increases performance. The [option]`avc_cache_threshold` option allows adjusting the maximum number of AVC entries. + NOTE: Prior to changing the default value, evaluate the system performance with care. Increasing the value could potentially decrease the performance by making AVC slow. + .Increase the AVC cache threshold for hosts with containers. ==== ---- [selinux] avc_cache_threshold=8192 ---- ==== cCs(d}tjj|ƒs$d}tjj|ƒs$d}|S)Nz/sys/fs/selinuxz/selinux)ÚosÚpathÚexists)Úselfr ©r ú$/usr/lib/python3.6/plugin_selinux.pyÚ_get_selinux_path$s   zSelinuxPlugin._get_selinux_pathcsPtƒ|_|jƒ|_|jdkr&tjdƒ‚tjj|jddƒ|_ t t |ƒj ||ŽdS)NzFSELinux is not enabled on your system or incompatible version is used.ZavcZcache_threshold) rÚ_cmdrZ _selinux_pathrZNotSupportedPluginExceptionrr ÚjoinÚ_cache_threshold_pathÚsuperrÚ__init__)r ÚargsÚkwargs)Ú __class__r r r-s    zSelinuxPlugin.__init__cCsddiS)NÚavc_cache_thresholdr )r r r r Ú_get_config_options5sz!SelinuxPlugin._get_config_optionscCsd|_d|_dS)NTF)Z_has_static_tuningZ_has_dynamic_tuning)r Úinstancer r r Ú_instance_init;szSelinuxPlugin._instance_initcCsdS)Nr )r rr r r Ú_instance_cleanup?szSelinuxPlugin._instance_cleanuprcCsL|dkr dSt|ƒ}|dkrD|s@|jj|j||r8tjgndd|SdSdS)NrF)Zno_error)ÚintrZ write_to_filerÚerrnoÚENOENT)r ÚvalueZsimÚremoveZ thresholdr r r Ú_set_avc_cache_thresholdBs z&SelinuxPlugin._set_avc_cache_thresholdcCs&|jj|jƒ}t|ƒdkr"t|ƒSdS)Nr)rZ read_filerÚlenr)r rr r r Ú_get_avc_cache_thresholdOs z&SelinuxPlugin._get_avc_cache_threshold)Ú__name__Ú __module__Ú __qualname__Ú__doc__Ú classmethodrrrrrZ command_setr!Z command_getr#Ú __classcell__r r )rr r s   r)rrÚrZ decoratorsZ tuned.logsZtunedZ tuned.pluginsrZtuned.utils.commandsrZlogsÚgetÚlogZPluginrr r r r Ús