Announcement

Collapse
No announcement yet.

The Performance Cost To SELinux On Fedora 31

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #1

    The Performance Cost To SELinux On Fedora 31

    Phoronix: The Performance Cost To SELinux On Fedora 31

    Following the recent AppArmor performance regression in Linux 5.5 (since resolved), some Phoronix readers had requested tests out of curiosity in looking at the performance impact of Fedora's decision to utilize SELinux by default. Here is how the Fedora Workstation 31 performance compares out-of-the-box with SELinux to disabling it.

    The Performance Cost To SELinux On Fedora 31 - Phoronix
    http://www.phoronix.com/vr.php?view=28798
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
    • Likes 1
  • #2
    Thanks for those tests. That's something I've always been curious of.

    It honestly isn't all that surprising to me that extra security has a performance impact and just I'm glad it isn't that bad.
    • Likes 11

    Comment

    • #3
      I honestly expected worse, but good to know it's quite acceptable.
      • Likes 8

      Comment

      • #4
        I've seen nothing to worry about.
        • Likes 8

        Comment

        • #5
          Originally posted by Britoid View Post
          I honestly expected worse, but good to know it's quite acceptable.
          Same here, considering SELinux is pretty heavy in my opinion (like I have to mess with the cons all the time since for mysterious reasons I can't do anything with this file or this other file).
          • Likes 3

          Comment

          • #6
            Michael I'm really loving the way you are graphing the results now, first highlighting the biggest perf differences and in the end we have the geometric mean, showing that those differences might not apply to real-world usage
            • Likes 3

            Comment

            • #7
              There is a performance cost. There is also a data breach cost. While the first might range from a nuisance to a proper cost of making business, the second one may expose you to regulation penalties and threaten your whole business' existence. Those who use it, really need it.

              Comment

              • #8
                I wonder how it compares to AppArmor, both from security and performance perspectives.
                • Likes 3

                Comment

                • #9
                  Originally posted by sarmad View Post
                  I wonder how it compares to AppArmor, both from security and performance perspectives.
                  there are already tests of AA performance price. It would be nice to see a benchmark done after it was fixed though.

                  and there is plenty of comparisons between selinux and apparmor

                  Comment

                  • #10
                    Originally posted by clavko View Post
                    There is a performance cost. There is also a data breach cost.
                    I've never gotten a cogent explanation or example of how SELinux provides any substantial security benefits on a modern linux system. And if you're implementing anything which is complicated and not mainstream the very first instruction is always turn SELinux off.
                    • Likes 3

                    Comment

                    Previous 1 2 3 template Next
                    Working...
                    X