
Bug#249510: acknowledged by developer (selinux in debian kernel)



On Wed, Sep 29, 2004 at 11:47:20PM +0200, Christoph Hellwig wrote:
> On Wed, Sep 29, 2004 at 10:54:21PM +0100, Luke Kenneth Casson Leighton wrote:
> > On Wed, Sep 29, 2004 at 10:33:28PM +0200, Christoph Hellwig wrote:
> > > On Wed, Sep 29, 2004 at 09:14:20PM +0100, Luke Kenneth Casson Leighton wrote:
> > > > it's not a severe performance penalty.
> > > > 
> > > > especially when it's disabled by default with "selinux=0".
> > > 
> > > Yes, all the indirect calls due to CONFIG_SECURITY are a performance
> > > penalty.
> >  
> >  ... of about 2%.
> > 
> >  sufficiently insignificant for both redhat _and_ suse to have
> >  started shipping, six months ago, kernels with selinux compiled in and
> >  disabled by default.
> 
> It's more like 5% for the benchmarks I've seen (from HP), and yes, they
> complained to SuSE loudly because of that.
 
 2%, 5% - it's not 10% and it's not 20%, is it?

 20%+ is a severe performance penalty.

 ... what's the cutoff point at which a decision can be made
 to encourage people to take security seriously rather than
 to believe speed is all-important?

 if people _desperately_ need their 5% performance back, they
 can compile the kernel - and all applications - with gcc 3.4
 or greater, using arguments specifically tailored for their
 architecture, and they can use prelink.

 that way they will get, like the new yoper distribution and like
 gentoo, a whopping great performance boost.

 l.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net";>      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net";> lkcl@lkcl.net </a> <br />



