The Cost of SELinux, Audit, & Kernel Debugging

Written by Michael Larabel in Software on 13 August 2009 at 01:43 PM EDT.

Development releases of Fedora, in particular, often benchmark much slower than the final build and trail some of the other leading desktop distributions. As we have mentioned in previous articles, this is generally due to the debugging support enabled within the development builds of Fedora. To see just what the performance cost is, we have compared the Fedora 11 performance of the normal kernel against the kernel-debug package. Additionally, we compared the performance when disabling SELinux and system auditing support.

Our test system for this article was an ASRock NetTop ION 330, which is made up of an Intel Atom 330 dual-core CPU, an ASRock AMCP7A-ION motherboard, 2GB of DDR2 system memory, a 320GB Seagate ST9320325AS SATA 2.0 drive, and the NVIDIA GeForce 9400M ION graphics.

Fedora 11 x86_64 was running with the Linux 2.6.29 kernel, GNOME 2.26.1, X Server 1.6.2 RC1, the NVIDIA 190.18 display driver, GCC 4.4.0, and an EXT4 file-system. Besides what we were testing in this article, all of the settings and packages were left stock. For our benchmarking we used version 2.0 of the Phoronix Test Suite.

The tests we ran in looking at the Fedora Linux performance under the different conditions were World of Padman, Apache Benchmark, LAME MP3 encoding, FFmpeg, Bwfirt, timed Hmmer Search, Threaded I/O Tester, PostMark, Dbench, GraphicsMagick, Crafty, dcraw, SQLite, and PostgreSQL pgbench. The "Stock" results were obtained when running Fedora 11 with all of its stock options/packages. The "No SELinux or Audit" results were obtained with both SELinux and Audit disabled at boot-time, but with otherwise the same configuration as "Stock". Lastly, the "Kernel Debug" results were recorded with the kernel-debug package installed for the same kernel version and with SELinux and Audit returned to their default state of being enabled. The kernel-debug package contains all of the debugging code that the standard kernel does not.
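
When reproducing these runs, or when checking that a production host has not been left in the benchmark configuration, the boot state can be confirmed from the kernel command line. The script below is an added example, not part of the original article or the Phoronix Test Suite. It assumes the boot-time switches are the kernel parameters `selinux=0` and `audit=0`, which the article does not name, and the sample command lines are constructed.

```shell
#!/bin/sh
# Added example: classify a kernel command line against the article's
# "Stock" and "No SELinux or Audit" configurations.
# Assumption: SELinux and Audit are disabled at boot with the kernel
# parameters selinux=0 and audit=0 (the article does not name them).

# param_value CMDLINE NAME -> last value given for NAME, or "default".
# A parameter repeated on the command line is handled in order, so the
# last occurrence is the one that takes effect.
param_value() {
    val=default
    for tok in $1; do
        case $tok in
            "$2"=*) val=${tok#*=} ;;
        esac
    done
    printf '%s\n' "$val"
}

# classify_boot CMDLINE -> one label on stdout.
classify_boot() {
    se=$(param_value "$1" selinux)
    au=$(param_value "$1" audit)
    if [ "$se" = 0 ] && [ "$au" = 0 ]; then
        echo "No SELinux or Audit"
    elif [ "$se" = 0 ] || [ "$au" = 0 ]; then
        # Only one subsystem is off: matches neither benchmark configuration.
        echo "Partial: selinux=$se audit=$au"
    else
        echo "Stock"
    fi
}

# Constructed sample command lines (not taken from the article's test system).
STOCK='ro root=/dev/sda2 rhgb quiet'
BOTH_OFF='ro root=/dev/sda2 rhgb quiet selinux=0 audit=0'
OVERRIDDEN='ro root=/dev/sda2 selinux=0 audit=0 selinux=1'

# On a live host, pass the running kernel's command line instead:
#   classify_boot "$(cat /proc/cmdline)"
for c in "$STOCK" "$BOTH_OFF" "$OVERRIDDEN"; do
    printf '%-32s <- %s\n' "$(classify_boot "$c")" "$c"
done
```

The command line only shows what was requested at boot; it does not detect the kernel-debug package, which is a different kernel build rather than a boot option.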

