selinux and oracle

[Darwin H. Webb]

Daniel J Walsh wrote:
> Jack Null wrote:
>> I have a RHEL4U4 server that will become an Oracle 10gR2 server in 
>> three weeks.  Almost all of the documentation I have seen about 
>> installing oracle on a selinux enabled server says to turn off 
>> selinux.  Only 1 document said that oracle and selinux can function 
>> together.  So can oracle and selinux play nice or do I have to turn 
>> it off?
> They should be able to play nice.  The only place they might hit would 
> be if there is a web interface.
> Oracle might also be seeking to eek out every bit of performace.  
> SELinux can add some load between 2-20% depending on which performance 
> test you run.
>>
>> Thanks,
>> Adam
>>
>> _________________________________________________________________
>> Find sales, coupons, and free shipping, all in one place!  MSN 
>> Shopping Sales & Deals 
>> http://shopping.msn.com/content/shp/?ctid=198,ptnrid=176,ptnrdata=200639
>>
>> -- 
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
"Oracle might also be seeking to eek out every bit of performace.  
SELinux can add some load between 2-20% depending on which performance 
test you run."

I thoht SELinux's overhead was only for the transitions and file access 
thereby being a small amount of this total time (est. at 7% untuned.)

The web app would be using Oracle's security with a MyWebAppUsername. 
Yes / No?

Could you explain this overhead and where and what is doing it, please.
I don't see where it would be any greater than 7% of the volume of 
transitions and file accesses (which would be different web files. And 
that would be an Apache overhead whether a DBMS was being used or not.

Thank you,

Darwin