On Monday 28 February 2005 05:24, Doran Barton <fozz@xxxxxxxxxxxxxx> wrote: > Do you need SELinux? It is guaranteed to slow down the boot process and > hinder performance in general. If you don't need it, edit the > /etc/sysconfig/selinux file, disable it, and reboot. How much has performance improved in your tests from making such a change? What hardware do you run? My experience is that apart from some corner cases SE Linux does not have enough overhead to impact performance in any notable way and that good benchmarks are required to detect any difference. One corner case is for a machine that is low on memory. If you load a large policy (such as the "strict" policy which incidentally is not the default for Fedora) on a machine with a small amount of memory then you may have some performance issues. On a machine with 64M of RAM and a slow hard disk the strict policy will cause some performance problems, but the targeted policy should be fine. If you have 128M or more I doubt that SE Linux will have any noticable impact. At http://www.coker.com.au/selinux/talks/ols2003/ I have the paper I presented at OLS on running SE Linux on an iPaQ PDA. You may want to read the paper if you are concerned about the impact of SE Linux on small machines. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page