On a default Fedora installation, every system call incurs a fair amount of overhead due to syscall auditing. This happens despite the fact that syscalls aren't actually audited, except as part of AVC denials. The overhead is something like 20-40ns per syscall, and the total time to do a simple syscall with auditing completely disabled is about 70ns on my laptop. So this is actually a large effect.

What would people think about changing the default audit rules to add something like '-t task,never'? This would remove the overhead, but it would come at the cost of removing the syscall records from /var/log/audit/audit.log when an AVC denial occurs. This could make debugging SELinux errors a bit harder, but it would be easy for users to re-enable full auditing.

I've been playing with fixing this in the kernel, but it's a mess.

--Andy
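One way to measure the per-syscall cost discussed in the message above, so the figure can be compared before and after a change to the audit rules. This is an added example, not code from the original post; the use of getppid as the "simple syscall", the function names and the iteration counts are assumptions.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

/* Monotonic clock in nanoseconds. */
static uint64_t now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Average cost in ns of one getppid(2) over `iters` back-to-back calls. */
double syscall_cost_ns(unsigned long iters)
{
    if (iters == 0)
        return 0.0;
    uint64_t start = now_ns();
    for (unsigned long i = 0; i < iters; i++)
        syscall(SYS_getppid);   /* raw syscall: always enters the kernel */
    return (double)(now_ns() - start) / (double)iters;
}

/* Lowest average over `rounds` runs, to filter out scheduler noise. */
double best_syscall_cost_ns(unsigned rounds, unsigned long iters)
{
    double best = syscall_cost_ns(iters);
    for (unsigned r = 1; r < rounds; r++) {
        double cur = syscall_cost_ns(iters);
        if (cur < best)
            best = cur;
    }
    return best;
}

int main(void)
{
    /* Run once per audit configuration and compare the two figures. */
    printf("getppid: %.1f ns per syscall (best of 5)\n",
           best_syscall_cost_ns(5, 1000000));
    return 0;
}
```

The reported number includes loop and timer overhead, so the difference between two runs is more meaningful than either absolute value.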