-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/23/2011 08:58 AM, Pádraig Brady wrote: > On 23/06/11 12:28, Lennart Poettering wrote: >> On Thu, 23.06.11 12:58, yersinia (yersinia.spiros@xxxxxxxxx) wrote: >> >>> Greetings >>> >>> Perhaps it is of interest to this list that Phonorix has produced a new >>> benchmark about the performance impact of SELinux on >>> Fedora 15. Look very good >>> http://www.phoronix.com/scan.php?page=article&item=fedora_15_selinux&num=2. >> >> The biggest impact it has on boot time really. Might be worth measuring that. > > A work colleague here did that a couple of days ago. > To boot to a usable desktop with stock F15 with gdm auto login: > > with selinux: 43s > without selinux: 24s > > Hardware is pinetrail netbook (1.6GHz Atom N455). > 2GB RAM and SSD limited by SATA I interface. > > cheers, > Pádraig. We have found one problem in libselinux that could account for some of the slowdown, but not much, this increases the spead of matchpathcon. We have fixed this in F16. Tests conducted in Rawhide. systemd reads in policy file and loads it in the kernel. # du -m /etc/selinux/targeted/policy/policy.26 7 /etc/selinux/targeted/policy/policy.26 The load_policy command on my T61 does pretty much the equivalent. # time load_policy real 0m7.483s user 0m0.000s sys 0m2.255s systemd and udev both load the file_context files and create regexs based on these files. matchpathcon does the equivalent. time matchpathcon /dev /dev system_u:object_r:device_t:s0 real 0m0.069s user 0m0.012s sys 0m0.021s Obviously this is a more powerful machine then the Atom, but I would figure loading of the policy is the culprit. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk4DQ2QACgkQrlYvE4MpobMvywCdHt07Jtfef5e6oQHLEM/6OToy F18AoIt+je00t/uPSt9vMOj0L/4nwhnX =32eQ -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
