Your IP : 3.141.192.174
3
�<�e � @ sd d dl Z d dlZddlmZ ddlT d dlZd dlmZ d dl m
Z
ejj� Z
G dd� dej�ZdS ) � N� )�base)�*)�
exceptions)�commandsc sh e Zd ZdZedd� �Z� fdd�Zedd� �Zdd � Zd
d� Z e
d�d
d� �Zed�dd� �Z
� ZS )�
SelinuxPlugina�
`selinux`::
Plug-in for tuning SELinux options.
+
SELinux decisions, such as allowing or denying access, are
cached. This cache is known as the Access Vector Cache (AVC). When
using these cached decisions, SELinux policy rules need to be checked
less, which increases performance. The [option]`avc_cache_threshold`
option allows adjusting the maximum number of AVC entries.
+
NOTE: Prior to changing the default value, evaluate the system
performance with care. Increasing the value could potentially
decrease the performance by making AVC slow.
+
.Increase the AVC cache threshold for hosts with containers.
====
----
[selinux]
avc_cache_threshold=8192
----
====
c C s( d}t jj|�s$d}t jj|�s$d }|S )Nz/sys/fs/selinuxz/selinux)�os�path�exists)�selfr � r �$/usr/lib/python3.6/plugin_selinux.py�_get_selinux_path$ s zSelinuxPlugin._get_selinux_pathc sP t � | _| j� | _| jd kr&tjd��tjj| jdd�| _ t
t| �j||� d S )NzFSELinux is not enabled on your system or incompatible version is used.ZavcZcache_threshold)
r �_cmdr Z
_selinux_pathr ZNotSupportedPluginExceptionr r �join�_cache_threshold_path�superr �__init__)r �args�kwargs)� __class__r r
r - s
zSelinuxPlugin.__init__c C s dd iS )N�avc_cache_thresholdr )r r r r
�_get_config_options5 s z!SelinuxPlugin._get_config_optionsc C s d|_ d|_d S )NTF)Z_has_static_tuningZ_has_dynamic_tuning)r �instancer r r
�_instance_init; s zSelinuxPlugin._instance_initc C s d S )Nr )r r r r r
�_instance_cleanup? s zSelinuxPlugin._instance_cleanupr c C sL |d krd S t |�}|dkrD|s@| jj| j||r8tjgndd� |S d S d S )Nr F)Zno_error)�intr Z
write_to_filer �errno�ENOENT)r �valueZsim�removeZ thresholdr r r
�_set_avc_cache_thresholdB s z&SelinuxPlugin._set_avc_cache_thresholdc C s&