Announcement

Collapse
No announcement yet.

Does SELinux Have Much Of A Performance Impact On Fedora 23?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Does SELinux Have Much Of A Performance Impact On Fedora 23?

    Phoronix: Does SELinux Have Much Of A Performance Impact On Fedora 23?

    Going back many years, SELinux would receive much criticism over slowing down the system's performance and causing an assortment of other problems. In the early days of Fedora it would often be wise to disable Security Enhanced Linux, but in the past few years it's been in good shape. With modern hardware, is there much of a performance impact in keeping SELinux enabled?..

    http://www.phoronix.com/scan.php?pag...SELinux-Impact

  • #2
    Michael, what about AppArmor performance impact?

    Comment


    • #3
      Originally posted by chilek View Post
      Michael, what about AppArmor performance impact?
      Last time I ran AppArmor tests, barely any impact either.... Could run some fresh ones if there's enough interest from readers, but first need to see how many comments and traffic this article gets for rather boring results with barely any change and the AppArmor results still likely to be that way.
      Michael Larabel
      http://www.michaellarabel.com/

      Comment


      • #4
        When disabling security checks yields slower code... you have to wonder what's broken about it in the first place.

        Comment


        • #5
          I ran with SELinux enabled for about 8 years on multiple systems. I investigated every audit, wrote policies for local implementations as needed. In that time I realized that not one single event had been triggered by an actual problem. From that I concluded that our security policies were sufficiently effective, and disabled SELinux on all systems (except Android). The performance impact wasn't in the computing systems, it was in the human cost of administration.

          Comment


          • #6
            Thanks!

            Nice that it's quantified now.
            Now we know :-)

            Comment


            • #7
              Selinux was written by the NSA. I do not trust it.

              Comment


              • #8
                Originally posted by fhuberts View Post
                Thanks!

                Nice that it's quantified now.
                Now we know :-)
                It's been quantified for 6+ years.... http://www.phoronix.com/scan.php?pag..._selinux&num=1
                Michael Larabel
                http://www.michaellarabel.com/

                Comment


                • #9
                  Originally posted by hoohoo View Post
                  Selinux was written by the NSA. I do not trust it.
                  Are you saying it's Not Safe Anymore? :P

                  Comment


                  • #10
                    Originally posted by hoohoo View Post
                    Selinux was written by the NSA. I do not trust it.
                    And it's been vetted, examined, audited, twisted and turned in every way imaginable for over a decade.

                    Comment

                    Working...
                    X