Daniel J Walsh wrote:
Darwin H. Webb wrote:
Daniel J Walsh wrote:
Jack Null wrote:
I have a RHEL4U4 server that will become an Oracle 10gR2 server in
three weeks. Almost all of the documentation I have seen about
installing oracle on a selinux enabled server says to turn off
selinux. Only 1 document said that oracle and selinux can function
together. So can oracle and selinux play nice or do I have to turn
it off?
They should be able to play nice. The only place they might hit
would be if there is a web interface.
Oracle might also be seeking to eek out every bit of performace.
SELinux can add some load between 2-20% depending on which
performance test you run.
Thanks,
Adam
_________________________________________________________________
Find sales, coupons, and free shipping, all in one place! MSN
Shopping Sales & Deals
http://shopping.msn.com/content/shp/?ctid=198,ptnrid=176,ptnrdata=200639
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
"Oracle might also be seeking to eek out every bit of performace.
SELinux can add some load between 2-20% depending on which
performance test you run."
I thoht SELinux's overhead was only for the transitions and file
access thereby being a small amount of this total time (est. at 7%
untuned.)
All access is being checked including things like network traffic. So
if the application is doing something the kernel would require an
access check on, SELinux will have some overhead. The 20% figure, I
believe, comes from Network through put tests. So running a router
with SELinux might not be a great idea.
The web app would be using Oracle's security with a MyWebAppUsername.
Yes / No?
Could you explain this overhead and where and what is doing it, please.
I don't see where it would be any greater than 7% of the volume of
transitions and file accesses (which would be different web files.
And that would be an Apache overhead whether a DBMS was being used or
not.
Thank you,
Darwin
The tests at this link show about an overall 7%.
http://people.redhat.com/jmorris/selinux/bench/results/summary.txt
The only 2 tests that look strange are pipes and the 2 procs tbench tests.
This is from 2003, do you know if anyone has run this again with the
newer security checks and gncc 4.1.1?
These 2 tests could have been a fluc (1,3,4 procs were not affected.)
The overhead of SELinux would increase proportional to the volume, but
not increase dis-proportionally except for possibly some interaction at
some load point near total saturation of most resources, This usually is
a sign of queues being dumped and reestablished.
Darwin
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
