libsepol/cil: Reduce the initial symtab sizes for blocks

It is possible to create bad behaving policy that can consume all of a system's memory (one way is through the use of inheritance). Analyzing these policies shows that most of the memory usage is for the block symtabs. Most of the nineteen symtabs will most likely never be used, so give these symtabs an initial size of 1. The others are given more appropriate sizes. Signed-off-by: James Carter <jwcart2@gmail.com> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
sailfishos-mirror · Jun 24, 2021 · 36e4945 · 36e4945
1 parent f33745a
commit 36e4945
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
@@ -54,7 +54,7 @@
 
 int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
 	{64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
-	{64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64},
+	{8, 8, 8, 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}