On Thu, 2008-03-20 at 21:47 +0530, Rahul Sundaram wrote: > Hi, > > Is there any performance differences between having selinux disabled via > a the configuration file vs disabling it in the bootloader? If so. is > this considered a bug? There shouldn't be any difference - the late disable unregisters the SELinux LSM hooks and NetFilter hooks altogether, so SELinux is no longer on the code path for the kernel operations. Back in Fedora Core 2 days, there was a big difference, because the /etc/sysconfig/selinux disable wasn't a real disable - it just booted permissive with no policy loaded. The runtime disable support in the kernel came later and was included in Fedora Core 3 and later. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
