Re: Penalty of SELinux?
On Mon, 24 Sep 2007 18:21:16 -0500, Mike McCarty <Mike.McCarty@sbcglobal.net> said:
> Manoj Srivastava wrote:
>> On Sun, 23 Sep 2007 11:14:57 -0400, Douglas A Tutty
>> <dtutty@porchlight.ca> said:
>>
>>> On small systems, what about the penalty of just larger binaries? I
>>> have some older boxes with 16-64 MB ram.
>>
>> Firstly: Very few packages have been actively patched to link
> Something like 50 or so. ls, mv, cp, etc.
Source packages. All those are from coreutils, no?
>> with selinux. Second, the selinux libraries are shared libs -- so the
>> actual binary is not significantly increased in size (well, dpkg is
>> the exception, since it is linked statically with selinux).
> It does have to be in memory, however.
>> My Pentium II box with 64MB of ram seems to run in SELinux strict
>> mode just fine -- it is my firewall.
> Good for you.
Right. But a few hundred KB in memory is a smallish penalty, and
even 708 old hardware seems to be running it fine for me.
manoj
--
"The chain which can be yanked is not the eternal chain." Fitch
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C