From 4ee264a2aac3c59c5bb144d2687d46b8ba395da8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@fedoraproject.org>
Date: Wed, 5 Sep 2018 14:52:27 +0200
Subject: [PATCH] Lower avc_cache_threshold from 65536 to 4096 - 512 being
 RHEL7's default. Too high values cause performance problems. Rationale:
 https://github.com/SELinuxProject/selinux-kernel/issues/34#issuecomment-376544588
 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1548428

---
 roles/tuned/templates/openshift/tuned.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/tuned/templates/openshift/tuned.conf b/roles/tuned/templates/openshift/tuned.conf
index 7f45b49e665..c5487325d94 100644
--- a/roles/tuned/templates/openshift/tuned.conf
+++ b/roles/tuned/templates/openshift/tuned.conf
@@ -7,7 +7,7 @@ summary=Optimize systems running OpenShift (parent profile)
 include=${f:virt_check:{{ openshift_tuned_guest_profile }}:throughput-performance}
 
 [selinux]
-avc_cache_threshold=65536
+avc_cache_threshold=4096
 
 [net]
 nf_conntrack_hashsize=131072