The Performance Cost To SELinux On Fedora 31

Written by Michael Larabel in Software on 19 January 2020 at 02:10 PM EST. Page 1 of 4. 22 Comments.

Following the recent AppArmor performance regression in Linux 5.5 (since resolved), some Phoronix readers had requested tests out of curiosity in looking at the performance impact of Fedora's decision to utilize SELinux by default. Here is how the Fedora Workstation 31 performance compares out-of-the-box with SELinux to disabling it.

By default Fedora runs with SELinux enabled in an enforcing and targeted mode. But by booting with selinux=0 as a kernel parameter or editing /etc/selinux/config it's possible to outright disable the Security Enhanced Linux functionality or change its operating mode.

For the purposes of this testing, a Ryzen Threadripper 3970X was running Fedora 31 on the Linux 5.3 kernel with all stable updates as of testing time. No changes were made between test runs besides disabling SELinux. Via the Phoronix Test Suite a wide variety of workloads were conducted to see the performance impact.

Related Articles