The Performance Cost To SELinux On Fedora 31
Following the recent AppArmor performance regression in Linux 5.5 (since resolved), some Phoronix readers had requested tests out of curiosity in looking at the performance impact of Fedora's decision to utilize SELinux by default. Here is how the Fedora Workstation 31 performance compares out-of-the-box with SELinux to disabling it.
By default Fedora runs with SELinux enabled in an enforcing and targeted mode. But by booting with selinux=0 as a kernel parameter or editing /etc/selinux/config it's possible to outright disable the Security Enhanced Linux functionality or change its operating mode.
For the purposes of this testing, a Ryzen Threadripper 3970X was running Fedora 31 on the Linux 5.3 kernel with all stable updates as of testing time. No changes were made between test runs besides disabling SELinux. Via the Phoronix Test Suite a wide variety of workloads were conducted to see the performance impact.