Individual GuardPoint Tuning
Previously, CTE-U took an all or nothing approach to tuning GuardPoints. You could tune all of the GuardPoints together, but you could not tune them individually. For example, you could turn write back cache on for all GuardPoints or none of them. Now you can turn it on or off per individual GuardPoint.
A restart is required when you change the configuration.
SecFS changes for tuning
Set Global Configuration
- To set the configuration globally, type:
voradmin secfs config <config param> <config value>
Set Individual Configuration
- To set the configuration for individual GuardPoints, type:
voradmin secfs config <config param> <config value> [guardpoint path]
Tunable Parameters
| Configurable Parameter | Configurable Value (Default) | Description | Status |
|---|---|---|---|
| allow_setfs | 1 | Uses FSUID to create files as root and change ownership with chmod; only applies to NFS. | Do not change |
| custom_cache_management | 1 | Allows for overriding of default caching | Do not change |
| debug_all | 4 | Debug level, can be adjusted later using secfsd -log_level <4-8> |
Change as needed |
| debug_extra | 0 | Debug level | Change as needed |
| enable_xattr | 0 | Enables use of xattrs in the file system, default is off for best performance |
Set to to 1 if performing a restore from CTE with xattrs. Set to 0 for normal CTE-U use. |
| fileinfo_cache_timeout | 100 | Amount of milliseconds to keep file attribute data in cache | Change as needed |
| log_level | 4-8 | Sets the sensitivity of the logs. Use voradmin secfsd -log_level |
Change as needed but be mindful of performance issues |
| loginuid | 1 | Enforce loginuid. Without this set, su can bypass security |
Change as needed |
| max_worker_threads | 10 | Maximum parallel threads allowed | Change as needed |
| mixed_policy | 1 | If mixed modes needed (ex: apply key on read, no apply key on write), set this value; it causes an extra access check | Change as needed |
| nfs_user | 0 | UID of specific NFS user to use | Change as needed |
| parallel_writes | 1 | Allows non-overlapping writes to run in parallel | Change as needed |
| splice | 0 | Allows use of splice call from FUSE | Change as needed |
| writeback_cache_local | 1 | Uses writeback cache for local file systems (extx, xfs, btrfs) | Change as needed |
| writeback_cache_nfs | 0 | Uses writeback cache for NFS | Change as needed |
After changing any tunable parameter, you must restart CTE-U for the change to take effect.
