FC4 kernel performance

Russell Coker russell at coker.com.au
Fri Jun 24 07:41:04 UTC 2005


On Friday 24 June 2005 01:46, Rudi Chiarito <nutello at sweetness.com> wrote:
> On Thu, Jun 23, 2005 at 11:08:25AM -0400, Paul A Houle wrote:
> > desktop systems in a decade.  Linux 2.6 is ready,  but is SELinux?
>
> It depends on what you are doing. With some floating-point intensive
> code running on a cluster of FC3 dual Opterons, I wasn't able to measure
> SELinux overhead in a reliable manner. It seemed to be lost in the noise

When the CPU is busy executing application code that does not perform any 
system calls there should not be any SE Linux CPU overhead.  So any code that 
is doing calculations (regardless of whether it's integer or floating point) 
and nothing else should not be impacted by SE Linux.  One area of overhead is 
in memory use: the SE Linux policy is stored in non-pageable kernel memory.  
If you have only a small amount of memory on the system (64M or less) then 
the memory taken by the SE Linux policy can have an impact on performance 
leading to paging of application data when otherwise it might not page such 
data or in OOM on machines without a swap space enabled.  The "strict" policy 
(which is not installed by default) will not run on a machine with 64M of RAM 
unless you do some significant tweaks.  The "targeted" policy is less 
complex, smaller, and uses less RAM.

> Code that is more disk- and network-intensive should of course result
> in different observations.

Code that is disk intensive should not be an issue either.  The shortest time 
for a seek is about 5ms.  The most complex SE Linux access check will not 
take a fraction of 5ms so the performance impact should not be measurable.

Where the SE Linux performance impact is measurable is in network operations 
and IPC (including pseudo-tty).  These are operations that involve SE Linux 
access checks and have operations occurring much more frequently than any 
hard disk can sustain.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
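
An added example, not part of the original message: a C micro-benchmark for the contrast drawn above between pure computation, which makes no system calls, and pipe IPC, which makes two per iteration. All function names and iteration counts are illustrative assumptions; the 5 ms seek figure is the one quoted in the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

#define SEEK_NS 5e6 /* the 5 ms seek time quoted in the message */

static double now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1e9 + ts.tv_nsec;
}

/* Pure computation: no system calls inside the loop. */
double compute_ns_per_iter(long iters) {
    volatile uint64_t x = 88172645463325252ULL;
    double t0 = now_ns();
    for (long i = 0; i < iters; i++) {
        uint64_t v = x;
        v ^= v << 13; v ^= v >> 7; v ^= v << 17;
        x = v;
    }
    return (now_ns() - t0) / iters;
}

/* Pipe IPC: one write() and one read() per iteration. Returns -1 on error. */
double pipe_ns_per_roundtrip(long iters) {
    int fd[2];
    char b = 'x';
    int ok = 1;
    if (pipe(fd) != 0) return -1.0;
    double t0 = now_ns();
    for (long i = 0; ok && i < iters; i++)
        ok = write(fd[1], &b, 1) == 1 && read(fd[0], &b, 1) == 1;
    double dt = now_ns() - t0;
    close(fd[0]);
    close(fd[1]);
    return ok ? dt / iters : -1.0;
}

/* How many operations of the given cost fit into one disk seek. */
double ops_per_seek(double ns_per_op) { return SEEK_NS / ns_per_op; }

int main(void) {
    double c = compute_ns_per_iter(5000000), p = pipe_ns_per_roundtrip(200000);
    if (p < 0) { perror("pipe benchmark"); return 1; }
    printf("compute: %.2f ns/iter\npipe:    %.0f ns/round trip\n", c, p);
    printf("pipe round trips per 5 ms seek: %.0f\n", ops_per_seek(p));
    return 0;
}
```

Run it on the same machine booted with SE Linux enabled and with it disabled: by the reasoning in the message the compute figure should not move, and any difference should show up in the pipe figure.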



