performance loss with selinux?

Andy Green andy at warmcat.com
Fri Jun 24 07:09:10 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vassilios Kotoulas wrote:
| hi all,
|
| I run a postgres server with permanent very high disk and network load.
| I would like to enable selinux but I can't afford any loss of
| performance. Does selinux bring a noticeable performance loss?

I would guess not... SELinux is only operating at the file permissions
level.  If postgres is opening its database files when you start it, and
then just shifting data around in them, SELinux is only really getting a
look-in when you started postgres, AIUI, deciding if it is allowed to
open or write to the files.  After that you are shifting data around as
normal without SELinux in the way.

Of course if postgres is opening and closing hundreds of files per
transaction, you'll get a different story :-) but I strongly doubt it.

- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFCu7GWjKeDCxMJCTIRAio3AJ9bbwQOAZnSmNnsJIQn9TkGtueh/ACfUs/Y
Wn4Zrsw9NecilT5Q75MuYkE=
=SM9+
-----END PGP SIGNATURE-----




More information about the fedora-list mailing list