Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Does SELinux Slow Down Fedora 15?

  1. #1
    Join Date
    Jan 2007
    Posts
    15,649

    Default Does SELinux Slow Down Fedora 15?

    Phoronix: Does SELinux Slow Down Fedora 15?

    Earlier this week there were Fedora 15 vs. Ubuntu 11.04 benchmarks looking at the overall system performance as well as the power consumption. Both of these Linux distributions had performed close to one another, as is expected considering the similarities in their kernel and other packages, but there were some discrepancies in the disk tests. Speculations in the forums were that some of the performance differences might be attributed to SELinux, so here are some tests seeing the performance impact of SELinux on Fedora 15.

    http://www.phoronix.com/vr.php?view=16094

  2. #2
    Join Date
    Oct 2008
    Posts
    144

    Default

    Disabling SELinux had resulted in the PostMark mail server test profile yielding 5% higher performance than the stock Fedora 15 settings.
    No. Run the test 10 times and then we'll see

  3. #3

    Default

    I'm not sure if this is good for Fedora the differences are, so small (which is great for SELinux). Maybe it was lvm which affected Fedora performance in comparision to Ubuntu? Anyway, thanks for the benchmarks.

  4. #4
    Join Date
    Jun 2011
    Posts
    5

    Default How needs SELinux anyway?

    I always disable it, it just causes problems.

  5. #5
    Join Date
    Sep 2008
    Posts
    55

    Default

    Quote Originally Posted by felipec View Post
    I always disable it, it just causes problems.
    Indeed... security so strong, you can't use your computer.

  6. #6
    Join Date
    Sep 2008
    Posts
    989

    Default

    Quote Originally Posted by dsmithhfx View Post
    Indeed... security so strong, you can't use your computer.
    But you'd be a fool not to run it on a server with an exposed port listening on the public internet. Any kind of attack surface and you definitely want to run it.

    Heck even a web browser can be an attack surface.

  7. #7
    Join Date
    Sep 2008
    Posts
    55

    Default

    Apparently the devs who wrote it are able to understand it, and that's good enough for them.

  8. #8
    Join Date
    Jun 2011
    Location
    Brisbane, Australia
    Posts
    4

    Lightbulb More Accurate Benchmarks

    It is good that someone is getting onto this as it is one of the key features that differentiates fedora from other distros.

    The performance impact of selinux would be better reflected if hardware latencies are minimised. Netbook disks are typically low-end. The suggestion is that a Sandy + SSD or higher-end platter config might help further quantify the performance differences in a more useful way.

    While I feel that the current results are not conclusive, I really appreciate that someone is getting onto this!

  9. #9
    Join Date
    Aug 2009
    Location
    south east
    Posts
    344

    Default Easier to build an Interocitor than configure SELINUX

    It's easier to build the much sought after Interocitor than configure SELINUX.
    I'd like to see a write up on it being utilized to thwart a simulated attack. At least the Interocitor has laser beams

  10. #10
    Join Date
    Jul 2008
    Posts
    314

    Default

    It'd also be interesting to track CPU usage during the IO-bound tests, to see if there's any greater user/system load. If you're running a CPU-intensive setup and also trying to do lots of filesystem work, you'd want to know if one affects the other.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •