On Monday 28 February 2005 05:24, Doran Barton <fozz(a)iodynamics.com> wrote:
Do you need SELinux? It is guaranteed to slow down the boot process
and
hinder performance in general. If you don't need it, edit the
/etc/sysconfig/selinux file, disable it, and reboot.
How much has performance improved in your tests from making such a change?
What hardware do you run?
My experience is that apart from some corner cases SE Linux does not have
enough overhead to impact performance in any notable way and that good
benchmarks are required to detect any difference.
One corner case is for a machine that is low on memory. If you load a large
policy (such as the "strict" policy which incidentally is not the default for
Fedora) on a machine with a small amount of memory then you may have some
performance issues. On a machine with 64M of RAM and a slow hard disk the
strict policy will cause some performance problems, but the targeted policy
should be fine. If you have 128M or more I doubt that SE Linux will have any
noticable impact.
At
http://www.coker.com.au/selinux/talks/ols2003/ I have the paper I presented
at OLS on running SE Linux on an iPaQ PDA. You may want to read the paper if
you are concerned about the impact of SE Linux on small machines.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page