avc_cache_stats(3) — Linux manual page


avc_cache_stats(3)        SELinux API documentation       avc_cache_stats(3)

NAME         top

       avc_cache_stats,   avc_av_stats,  avc_sid_stats  -  obtain  userspace
       SELinux AVC statistics

SYNOPSIS         top

       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       void avc_av_stats(void);

       void avc_sid_stats(void);

       void avc_cache_stats(struct avc_cache_stats *stats);

DESCRIPTION         top

       The userspace AVC maintains two internal hash tables, one to store
       security ID's and one to cache access decisions.

       avc_av_stats() and avc_sid_stats() produce log messages indicating
       the status of the access decision and SID tables, respectively.  The
       messages contain the number of entries in the table, number of hash
       buckets and number of buckets used, and maximum number of entries in
       a single bucket.

       avc_cache_stats() populates a structure whose fields reflect cache

              struct avc_cache_stats {
                  unsigned  entry_lookups;
                  unsigned  entry_hits;
                  unsigned  entry_misses;
                  unsigned  entry_discards;
                  unsigned  cav_lookups;
                  unsigned  cav_hits;
                  unsigned  cav_probes;
                  unsigned  cav_misses;

              Number of queries made.

              Number of times a decision was found in the aeref argument.

              Number of times a decision was not found in the aeref

              Number of times a decision was not found in the aeref argument
              and the aeref argument was non-NULL.

              Number of cache lookups.

              Number of cache hits.

              Number of cache misses.

              Number of entries examined while searching the cache.

NOTES         top

       When the cache is flushed as a result of a call to avc_reset() or a
       policy change notification, the statistics returned by
       avc_cache_stats() are reset to zero.  The SID table, however, is left

       When a policy change notification is received, a call to
       avc_av_stats() is made before the cache is flushed.

AUTHOR         top

       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO         top

       avc_init(3), avc_has_perm(3), avc_context_to_sid(3),
       avc_add_callback(3), selinux(8)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you
       have a bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2020-11-01.  (At that
       time, the date of the most recent commit that was found in the repos‐
       itory was 2020-10-31.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or im‐
       provements to the information in this COLOPHON (which is not part of
       the original manual page), send a mail to man-pages@man7.org

                                 27 May 2004              avc_cache_stats(3)

Pages that refer to this page: avc_add_callback(3)avc_audit(3)avc_cleanup(3)avc_context_to_sid(3)avc_destroy(3)avc_entry_ref_init(3)avc_get_initial_context(3)avc_get_initial_sid(3)avc_has_perm(3)avc_has_perm_noaudit(3)avc_open(3)avc_reset(3)avc_sid_to_context(3)sidget(3)sidput(3)