performance loss with selinux?
Stephen Smalley
sds at tycho.nsa.gov
Fri Jun 24 12:25:44 UTC 2005
On Fri, 2005-06-24 at 05:55 +0200, Vassilios Kotoulas wrote:
> hi all,
>
> I run a postgres server with permanent very high disk and network load.
> I would like to enable selinux but I can't afford any loss of
> performance. Does selinux bring a noticeable performance loss?
There is performance overhead from SELinux, but I don't know precisely
how it will affect your workload. Possibly more importantly, enabling
SELinux on a production system is a delicate operation when you haven't
had it enabled from the beginning; you'll need to label your
filesystems, and some tuning of your policy may be necessary for your
particular functionality. Best thing to do is to try it out on a test
box first, and simulate a similar load on it based on data collected
from your production server to assess the impact.
--
Stephen Smalley
National Security Agency
More information about the fedora-list
mailing list