On 23/06/11 14:45, Daniel J Walsh wrote:
> On 06/23/2011 08:58 AM, Pádraig Brady wrote:
>> On 23/06/11 12:28, Lennart Poettering wrote:
>>> On Thu, 23.06.11 12:58, yersinia (firstname.lastname@example.org) wrote:
>>>> Perhaps it is of interest to this list that Phoronix has produced a new
>>>> benchmark about the performance impact of SELinux on
>>>> Fedora 15. Looks very good
>>>> http://www.phoronix.com/scan.php?page=article&item=fedora_15_selinux&num=2 .
>>> The biggest impact it has on boot time really. Might be worth measuring that.
>> A work colleague here did that a couple of days ago.
>> To boot to a usable desktop with stock F15 with gdm auto login:
>> with selinux: 43s
>> without selinux: 24s
>> Hardware is pinetrail netbook (1.6GHz Atom N455).
>> 2GB RAM and SSD limited by SATA I interface.
Repeating the above on my F15 sandy bridge i3 laptop
shows a much closer result:
with selinux: 18s
without selinux: 14s
> We have found one problem in libselinux that could account for some of
> the slowdown, but not much, this increases the speed of matchpathcon.
> We have fixed this in F16.
> Tests conducted in Rawhide.
> systemd reads in policy file and loads it in the kernel.
> # du -m /etc/selinux/targeted/policy/policy.26
> 7 /etc/selinux/targeted/policy/policy.26
> The load_policy command on my T61 does pretty much the equivalent.
> # time load_policy
> real 0m7.483s
> user 0m0.000s
> sys 0m2.255s
> systemd and udev both load the file_context files and create regexes
> based on these files. matchpathcon does the equivalent.
> time matchpathcon /dev
> /dev system_u
> real 0m0.069s
> user 0m0.012s
> sys 0m0.021s
> Obviously this is a more powerful machine than the Atom, but I would
> figure loading of the policy is the culprit.
snb# time matchpathcon /dev
snb# time load_policy
atom# time matchpathcon /dev
atom# time load_policy