performance loss with selinux?

Stephen Smalley sds at tycho.nsa.gov
Fri Jun 24 12:25:44 UTC 2005


On Fri, 2005-06-24 at 05:55 +0200, Vassilios Kotoulas wrote:
> hi all,
> 
> I run a postgres server with permanent very high disk and network load.
> I would like to enable selinux but I can't afford any loss of
> performance. Does selinux bring a noticeable performance loss?

There is performance overhead from SELinux, but I don't know precisely
how it will affect your workload.  Possibly more importantly, enabling
SELinux on a production system is a delicate operation when you haven't
had it enabled from the beginning; you'll need to label your
filesystems, and some tuning of your policy may be necessary for your
particular functionality.  Best thing to do is to try it out on a test
box first, and simulate a similar load on it based on data collected
from your production server to assess the impact.

-- 
Stephen Smalley
National Security Agency




More information about the users mailing list