The Performance Cost To SELinux On Fedora 31

Written by Michael Larabel in Software on 19 January 2020 at 02:10 PM EST. Page 1 of 4. 22 Comments.

Following the recent AppArmor performance regression in Linux 5.5 (since resolved), some Phoronix readers had requested tests out of curiosity in looking at the performance impact of Fedora's decision to utilize SELinux by default. Here is how the Fedora Workstation 31 performance compares out-of-the-box with SELinux to disabling it.

By default Fedora runs with SELinux enabled in an enforcing and targeted mode. But by booting with selinux=0 as a kernel parameter or editing /etc/selinux/config it's possible to outright disable the Security Enhanced Linux functionality or change its operating mode.

For the purposes of this testing, a Ryzen Threadripper 3970X was running Fedora 31 on the Linux 5.3 kernel with all stable updates as of testing time. No changes were made between test runs besides disabling SELinux. Via the Phoronix Test Suite a wide variety of workloads were conducted to see the performance impact.

Related Articles
Linux 6.13 Features: AutoFDO+Propeller Optimizations, Many AMD Additions & SDUC + NVMe 2.1 Support
AMD BIOS Tuning Guide Impact For Boosting AI/ML Performance On EPYC 9005 Series
New AMD ERAPS Feature Yields Additional Performance Gains On Zen 5
Initial Benchmarks Of The AMD AOCC 5.0 Compiler On 5th Gen EPYC
Linux 6.12 Features Are Super Exciting With Real-Time, Sched_ext, Intel Xe2 & Raspberry Pi 5
AmpereOne Performance With GCC vs. LLVM Clang Compilers