On 23/06/11 14:45, Daniel J Walsh wrote: > On 06/23/2011 08:58 AM, Pádraig Brady wrote: >> On 23/06/11 12:28, Lennart Poettering wrote: >>> On Thu, 23.06.11 12:58, yersinia (yersinia.spi...@gmail.com) wrote: >>> >>>> Greetings >>>> >>>> Perhaps it is of interest to this list that Phonorix has produced a new >>>> benchmark about the performance impact of SELinux on >>>> Fedora 15. Look very good >>>> http://www.phoronix.com/scan.php?page=article&item=fedora_15_selinux&num=2. >>> >>> The biggest impact it has on boot time really. Might be worth measuring >>> that. > >> A work colleague here did that a couple of days ago. >> To boot to a usable desktop with stock F15 with gdm auto login: > >> with selinux: 43s >> without selinux: 24s > >> Hardware is pinetrail netbook (1.6GHz Atom N455). >> 2GB RAM and SSD limited by SATA I interface.
Repeating the above on my F15 sandy bridge i3 laptop shows a much closer result: with selinux: 18s without selinux: 14s > We have found one problem in libselinux that could account for some of > the slowdown, but not much, this increases the spead of matchpathcon. > We have fixed this in F16. > > Tests conducted in Rawhide. > > systemd reads in policy file and loads it in the kernel. > > # du -m /etc/selinux/targeted/policy/policy.26 > 7 /etc/selinux/targeted/policy/policy.26 > > The load_policy command on my T61 does pretty much the equivalent. > > # time load_policy > > real 0m7.483s > user 0m0.000s > sys 0m2.255s > > systemd and udev both load the file_context files and create regexs > based on these files. matchpathcon does the equivalent. > > time matchpathcon /dev > /dev system_u:object_r:device_t:s0 > > real 0m0.069s > user 0m0.012s > sys 0m0.021s > > Obviously this is a more powerful machine then the Atom, but I would > figure loading of the policy is the culprit. snb# time matchpathcon /dev /dev system_u:object_r:device_t:s0 real 0m0.101s user 0m0.096s sys 0m0.004s snb# time load_policy real 0m1.553s user 0m0.000s sys 0m0.483s atom# time matchpathcon /dev /dev system_u:object_r:device_t:s0 real 0m1.036s user 0m1.012s sys 0m0.019s atom# time load_policy about 4s cheers, Pádraig. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
