On Mon, Jun 14, 2021 at 5:05 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> It is possible to create bad behaving policy that can consume all
> of a system's memory (one way is through the use of inheritance).
> Analyzing these policies shows that most of the memory usage is for
> the block symtabs.
>
> Most of the nineteen symtabs will most likely never be used, so give
> these symtabs an initial size of 1. The others are given more
> appropriate sizes.
>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
For this patch:
Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Thanks!
> ---
> libsepol/cil/src/cil.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
> index 0d351b49..c6674fc1 100644
> --- a/libsepol/cil/src/cil.c
> +++ b/libsepol/cil/src/cil.c
> @@ -54,7 +54,7 @@
>
> int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
> {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
> - {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
> + {8, 8, 8, 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
> {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
> {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
> {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
> --
> 2.26.3
>
