Watch Performance

[Steve Grubb]

Hi,

Based on finding an unnecessary function call to selinux_task_ctxid when 
evaluating syscall rules, I built a new kernel and re-ran the same tests.

rules  seconds    loss
0        47            0%
10      53            11%
25      68            43%
50      99            109%
75      132          178%
90      157          232%

The 75 rule performance hit is now 178% instead of 184%. So there is some 
notable improvement in performance. 

For comparison, I also loaded the 90 rules config into RHEL4. There is only a 
6% performance hit compared to no rules. I think the bulk of that comes from 
evaluating the 10 syscall rules rather than the file system audit code.

-Steve