Hi Folks
Can someone here speak knowledgeably from an implementation perspective on running selinux on high performance compute nodes?
I would be interested in all of the following topics.
* Performance tuning / benchmarking / baselining
* Enabling MLS / MCS, and writing lots of custom policy around MLS and MCS.
* Performance impact differences between policy targeted, and MLS
* Integration with a directory server where selinux users / objects are mapped to directory objects
* Integration with netfilter / connection tracking
* Doing things to reduce overhead / IO like disabling AVC logging and auditing. Perhaps with well tested policies.
* Tips for keeping policies as small as possible, avoiding redundancy and bench marking policy performance.
* Storing policies in ram based file systems.
* Other tips and tricks for optimizing performance in regard to selinux.
I don't yet know anything about the types of workloads that they intend to run.
The request for information is coming from an external entity.
My understanding from reading through the fedora selinux project wiki is that performance can be a difficult thing to measure and troubleshoot.
I appreciate any advice, thoughts, lessons learned.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
