forked from Minki/linux
615e51fdda
When flushing the AVC, such as during a policy load, the various network caches are also flushed, with each making a call to synchronize_net() which has shown to be expensive in some cases. This patch consolidates the network cache flushes into a single AVC callback which only calls synchronize_net() once for each AVC cache flush. Reported-by: Jaejyn Shin <flagon22bass@gmail.com> Signed-off-by: Paul Moore <pmoore@redhat.com>
26 lines
754 B
C
26 lines
754 B
C
/*
|
|
* Network interface table.
|
|
*
|
|
* Network interfaces (devices) do not have a security field, so we
|
|
* maintain a table associating each interface with a SID.
|
|
*
|
|
* Author: James Morris <jmorris@redhat.com>
|
|
*
|
|
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
|
|
* Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
|
|
* Paul Moore <paul@paul-moore.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2,
|
|
* as published by the Free Software Foundation.
|
|
*/
|
|
#ifndef _SELINUX_NETIF_H_
|
|
#define _SELINUX_NETIF_H_
|
|
|
|
void sel_netif_flush(void);
|
|
|
|
int sel_netif_sid(int ifindex, u32 *sid);
|
|
|
|
#endif /* _SELINUX_NETIF_H_ */
|
|
|