Re: [INFO] New benchmark on SELINUX and Fedora 15 from Phoronix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 23/06/11 14:45, Daniel J Walsh wrote:
> On 06/23/2011 08:58 AM, Pádraig Brady wrote:
>> On 23/06/11 12:28, Lennart Poettering wrote:
>>> On Thu, 23.06.11 12:58, yersinia (yersinia.spiros@xxxxxxxxx) wrote:
>>>
>>>> Greetings
>>>>
>>>> Perhaps it is of interest to this list that Phonorix has produced a new
>>>> benchmark about the performance impact of SELinux on
>>>> Fedora 15. Look very good
>>>> http://www.phoronix.com/scan.php?page=article&item=fedora_15_selinux&num=2.
>>>
>>> The biggest impact it has on boot time really. Might be worth measuring that.
> 
>> A work colleague here did that a couple of days ago.
>> To boot to a usable desktop with stock F15 with gdm auto login:
> 
>>   with selinux:    43s
>>   without selinux: 24s
> 
>> Hardware is pinetrail netbook (1.6GHz Atom N455).
>> 2GB RAM and SSD limited by SATA I interface.

Repeating the above on my F15 sandy bridge i3 laptop
shows a much closer result:

  with selinux:    18s
  without selinux: 14s

> We have found one problem in libselinux that could account for some of
> the slowdown, but not much, this increases the spead of matchpathcon.
> We have fixed this in F16.
> 
> Tests conducted in Rawhide.
> 
> systemd reads in policy file and loads it in the kernel.
> 
> # du -m /etc/selinux/targeted/policy/policy.26
> 7	/etc/selinux/targeted/policy/policy.26
> 
> The load_policy command on my T61 does pretty much the equivalent.
> 
> # time load_policy
> 
> real	0m7.483s
> user	0m0.000s
> sys	0m2.255s
> 
> systemd and udev both load the file_context files and create regexs
> based on these files.  matchpathcon does the equivalent.
> 
> time matchpathcon /dev
> /dev	system_u:object_r:device_t:s0
> 
> real	0m0.069s
> user	0m0.012s
> sys	0m0.021s
> 
> Obviously this is a more powerful machine then the Atom, but I would
> figure loading of the policy is the culprit.

snb# time matchpathcon /dev
/dev    system_u:object_r:device_t:s0

real    0m0.101s
user    0m0.096s
sys     0m0.004s

snb# time load_policy

real    0m1.553s
user    0m0.000s
sys     0m0.483s

atom# time matchpathcon /dev
/dev	system_u:object_r:device_t:s0

real	0m1.036s
user	0m1.012s
sys	0m0.019s

atom# time load_policy

about 4s

cheers,
Pádraig.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux