FC4 kernel performance

Paul A Houle ph18 at cornell.edu
Thu Jun 23 15:08:25 UTC 2005


>
>I have doubts about such play machines except as a learning tool, but if
>you are interested, Russell Coker has a SELinux play machine available
>with information at:
>http://www.coker.com.au/selinux/play.html
>  
>
    Yeah,  I thought about this a lot last night,  and realized that 
even if the SELinux implementation in the kernel was perfect,  
everything hangs on the userspace implementation.  There's a certain 
emotional reaction that people get from hearing that you can log in as 
'root' and it's harmless,  but the real threats are attacks on real 
systems that do real work,  not straw men that were set up to be (or not 
be) knocked down.

    Two more concerns came up for me with SELinux:

(i) scalability on SMP -- I can attest that this is a nice machine:

http://www.sun.com/servers/entry/v40z/index.jsp

running four single-core processors:  this four-socket machine upgrades 
to an eight-way machine with dual core processors -- this really changes 
the economics of SMP and is going to push the 'sweet spot' from 2-way 
towards 4-way and 8-way.  System-on-chip is the major path for 
performance increases in the future,  and we might even have 16-way 
desktop systems in a decade.  Linux 2.6 is ready,  but is SELinux?

(ii) reliability -- Linux 2.6 is a big advance over Linux 2.4,  but we 
had a crash last night.  Unlike our struggles with 2.4,  we found that 
the problem had already been reported and fixed in a recent kernel 
version. It's hard to fix bugs that aren't easily repeatable,  and the 
longer code paths get,  the worse things get.




More information about the fedora-devel-list mailing list