Darwin H. Webb wrote:
Daniel J Walsh wrote:
Jack Null wrote:
I have a RHEL4U4 server that will become an Oracle 10gR2 server in
three weeks. Almost all of the documentation I have seen about
installing oracle on a selinux enabled server says to turn off
selinux. Only 1 document said that oracle and selinux can function
together. So can oracle and selinux play nice or do I have to turn
it off?
They should be able to play nice. The only place they might hit
would be if there is a web interface.
Oracle might also be seeking to eek out every bit of performace.
SELinux can add some load between 2-20% depending on which
performance test you run.
Thanks,
Adam
_________________________________________________________________
Find sales, coupons, and free shipping, all in one place! MSN
Shopping Sales & Deals
http://shopping.msn.com/content/shp/?ctid=198,ptnrid=176,ptnrdata=200639
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
"Oracle might also be seeking to eek out every bit of performace.
SELinux can add some load between 2-20% depending on which performance
test you run."
I thoht SELinux's overhead was only for the transitions and file
access thereby being a small amount of this total time (est. at 7%
untuned.)
All access is being checked including things like network traffic. So
if the application is doing something the kernel would require an access
check on, SELinux will have some overhead. The 20% figure, I believe,
comes from Network through put tests. So running a router with SELinux
might not be a great idea.
The web app would be using Oracle's security with a MyWebAppUsername.
Yes / No?
Could you explain this overhead and where and what is doing it, please.
I don't see where it would be any greater than 7% of the volume of
transitions and file accesses (which would be different web files. And
that would be an Apache overhead whether a DBMS was being used or not.
Thank you,
Darwin
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
