Does SELinux Have Much Of A Performance Impact On Fedora 23?
Going back many years, SELinux would receive much criticism over slowing down the system's performance and causing an assortment of other problems. In the early days of Fedora it would often be wise to disable Security Enhanced Linux, but in the past few years it's been in good shape. With modern hardware, is there much of a performance impact in keeping SELinux enabled?
Yesterday when running some quick Ubuntu 15.10 vs. Fedora 23 benchmarks it was an out-of-the-box / default comparison, like I usually do to try to keep things fair and reproducible, which means Ubuntu has AppArmor and Fedora has SELinux active. However, as with most of my benchmarking articles, there are at least a few people who go through The Five Stages of Benchmark Loss.
The first comment to yesterday's Fedora vs. Ubuntu comparison said, "Those comparisons are not really fair: Fedora has SELinux turned on by default while Ubuntu has not." However, this was an out-of-the-box comparison and the security defaults are part of the decision made by the distribution vendor. Beyond that, the Ubuntu 15.10 vs. Fedora 23 results on this Skylake Xeon E3 system were for the most part quite similar and not showing anything with Fedora at a disadvantage. Additionally, my recent benchmarks of modern SELinux have found its performance impact to be minimal.
Anyhow, I decided to run a fresh SELinux comparison anyways for kicks. Rather than using the very fast Xeon E3 1245 v5 system, I decided to do a clean install of Fedora 23 onto an Intel Haswell ultrabook as it's slower so any impact of SELinux should be more pronounced. I did one run of Fedora 23 out-of-the-box and then once again when disabling SELinux.
Graphics/gaming tests saw no performance impact due to SELinux...
With CPU bound workloads there really is no change in performance with Security Enhanced Linux...
With disk benchmarks there can be some small overhead due to SELinux, but not in all cases like shown with SQLite.
You can see all of these benchmark results and more comparing SELinux via this OpenBenchmarking.org result file, but the data is pretty boring with the results being as expected of Security Enhanced Linux not greatly affecting the overall Fedora performance.