Originally posted by Ericg
View Post
Announcement
Collapse
No announcement yet.
Does SELinux Have Much Of A Performance Impact On Fedora 23?
Collapse
X
-
I ran into some problems with SELinux on Fedora 23. I had installed Fedora on an SSD and then added a spinning platter drive. For some of the home directories, I moved the files to the spinning platter drive and symlinked to them. I had the same permissions on the target files, but SELinux didn't like that and blocked XFCE from writing to /media/sdb1/userx/.cache I monkeyed with the audit and policy tools for an hour before I gave up and moved the .cache file back to /home/userx/.cache
Comment
-
I never had performance issues with SeLinux back when I used Fedora. I did have compatibility issues, much like you have with Windows with UAC on. Programs that don't expect it try to do some "illegal" stuff and can't handle failing. Steam was the most notorious example, I always had to turn SeLinux off because of various Steam problems. This was also back in the early Steam for linux days, so it may not be like that these days.
Comment
-
Originally posted by macemoneta View PostI ran with SELinux enabled for about 8 years on multiple systems. I investigated every audit, wrote policies for local implementations as needed. In that time I realized that not one single event had been triggered by an actual problem. From that I concluded that our security policies were sufficiently effective, and disabled SELinux on all systems (except Android). The performance impact wasn't in the computing systems, it was in the human cost of administration.
Comment
-
Originally posted by eydee View PostI never had performance issues with SeLinux back when I used Fedora. I did have compatibility issues, much like you have with Windows with UAC on. Programs that don't expect it try to do some "illegal" stuff and can't handle failing. Steam was the most notorious example, I always had to turn SeLinux off because of various Steam problems. This was also back in the early Steam for linux days, so it may not be like that these days.All opinions are my own not those of my employer if you know who they are.
Comment
-
Originally posted by Ericg View PostCurrently use Steam on Fedora, no problems to report.
I've seen the video about "SELinux for mere mortals", but I still think SELinux should be disabled for the Workstation spin. It's just incompatible with casual desktop everyday use, it simply does not work out-of-the-box and pretty much need to have sysadmins skills to fix the ever happening problems.
Thomas Cameron — Chief Architect, Central US, Red Hat, Inc. In the past, security-enhanced Linux (SELinux) had a reputation as being hard to configure and ma...
Comment
Comment