Re: Penalty of SELinux?

[Mike McCarty <Mike.McCarty@sbcglobal.net>]

Manoj Srivastava wrote:
> On Sun, 23 Sep 2007 11:14:57 -0400, Douglas A Tutty
> <dtutty@porchlight.ca> said:  
>
> > On small systems, what about the penalty of just larger binaries?  I
> > have some older boxes with 16-64 MB ram.
>
>         Firstly: Very few packages have been actively patched to link

Something like 50 or so. ls, mv, cp, etc.

>  with selinux. Second, the selinux libraries are shared libs -- so the
>  actual binary is not significantly increased in size (well, dpkg is the
>  exception, since it is linked statically with selinux).

It does have to be in memory, however.

>         My Pentium II box with 64MB of ram seems to run in SELinux
>  strict mode just fine -- it is my firewall.

Good for you.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!