Re: FC4 kernel performance

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 24 June 2005 01:46, Rudi Chiarito <nutello@xxxxxxxxxxxxx> wrote:
> On Thu, Jun 23, 2005 at 11:08:25AM -0400, Paul A Houle wrote:
> > desktop systems in a deade.  Linux 2.6 is ready,  but is SELinux?
>
> It depends on what you are doing. With some floating-point intensive
> code running on a cluster of FC3 dual Opterons, I wasn't able to measure
> SELinux overhead in a reliable manner. It seemed to be lost in the noise

When the CPU is busy executing application code that does not perform any 
system calls there should not be any SE Linux CPU overhead.  So any code that 
is doing calculations (regardless of whether it's integer or floating point) 
and nothing else should not be impacted by SE Linux.  One area of overhead is 
in memory use, the SE Linux policy is stored in non-pageable kernel memory.  
If you have only a small amount of memory on the system (64M or less) then 
the memory taken by the SE Linux policy can have an impact on performance 
leading to paging of application data when otherwise it might not page such 
data or in OOM on machines without a swap space enabled.  The "strict" policy 
(which is not installed by default) will not run on a machine with 64M of RAM 
unless you do some significant tweaks.  The "targeted" policy is less 
complex, smaller, and uses less RAM.

> Code that is more disk- and network-intensive should be of course result
> in different observations.

Code that is disk intensive should not be an issue either.  The shortest time 
for a seek is about 5ms.  The most complex SE Linux access check will not 
take a fraction of 5ms so the performance impact should not be measurable.

Where the SE Linux performance impact is measurable is in network operations 
and IPC (including pseudo-tty).  These are operations that involve SE Linux 
access checks and have operations occurring much more frequently than any 
hard disk can sustain.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux