avc_cache_stats - Linux

Overview

avc_cache_stats is a command-line tool used to display statistics about the SELinux AVC (Access Vector Cache). It provides insights into the performance and efficiency of the SELinux policy enforcement.

Syntax

avc_cache_stats [-h] [-V] [-s] [-t] [-S] [-c] [-p] [-i {IDs}]

Options/Flags

• -h: Display brief help message.
• -V: Display version information.
• -s: Show statistics for all classes.
• -t: Show timing statistics.
• -S: Show statistics sorted by performance.
• -c: Show statistics in CSV format.
• -p: Show policy sources.
• -i {IDs}: Filter results by policy ID.

Examples

Print general AVC cache statistics:

avc_cache_stats

Show timing statistics for file class:

avc_cache_stats -t -s file

Export CSV statistics for all classes:

avc_cache_stats -c > avc_stats.csv

Filter statistics by policy ID:

avc_cache_stats -i 100,101

Common Issues

• No AVC statistics available: Ensure SELinux is enabled and enforcing.
• Inconsistent CSV output: Verify that the ‘-c’ option is used before attempting to parse CSV output.

Integration

avc_cache_stats can be combined with other tools for advanced analysis. For example:

• Use grep to filter output: avc_cache_stats | grep file
• Create scripts to automate regular reporting.

Related Commands

• avc_audit
• ausearch