Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751185AbVJDFGE (ORCPT ); Tue, 4 Oct 2005 01:06:04 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751187AbVJDFGE (ORCPT ); Tue, 4 Oct 2005 01:06:04 -0400 Received: from web35501.mail.mud.yahoo.com ([66.163.179.125]:53658 "HELO web35501.mail.mud.yahoo.com") by vger.kernel.org with SMTP id S1751186AbVJDFGD (ORCPT ); Tue, 4 Oct 2005 01:06:03 -0400 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Rt2c94rsZkAa0rWrKEYoczt/RAn37JDaDoOeurStISSD3ei+p4Vy9TOi4laF4iF8QIpLGWcW1pE0s7giW18iOAIcqTYJ+oi5CxWJ5wOI2iFalNZYqR6sGG398JjjGLVF1dUCP2UwUvI4Kd/Ok4mhIzRVqZuuO7vhxNfkFQrkSJI= ; Message-ID: <20051004050602.10057.qmail@web35501.mail.mud.yahoo.com> Date: Mon, 3 Oct 2005 22:06:02 -0700 (PDT) From: Dan C Marinescu Subject: Re: The price of SELinux (CPU) To: John Richard Moser Cc: linux-kernel@vger.kernel.org In-Reply-To: <43420C1B.3020607@comcast.net> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4317 Lines: 153 i suggested you to disable selinux in order to have something to compare to... (engineers compare, measure, instead of believing in rummors...) d --- John Richard Moser wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I'm not an abortionist; if I hear something has an > ugly side, I try to > find out if it can be fixed, and if the trade-off is > worth getting rid > of it. SELinux and LSM are quite useful you know; > the overhead is > probably not even that significant on the desktop to > gamers (although if > you TELL them about it they'll piss themselves), > from a practical > viewpoint considering their excessive hardware. > > Dan C Marinescu wrote: > > try selinux=0, _if u feel that way :-) > > > > about big o: > > > > > http://www.maththinking.com/boat/compsciBooksIndex.html > > > > daniel > > > > > > > > --- John Richard Moser > wrote: > > > > > > I've heard that SELinux has produced benchmarks > such > > as 7% increased CPU > > load. Is this true and current? Is it dependent > on > > policy? What is > > the policy lookup complexity ( O(1), O(n), > > O(nlogn)...)? Are there > > other places where a bottleneck may exist aside > from > > gruffing with the > > policy? Isn't the policy actually in xattrs so > it's > > O(1)? Where else > > would an overhead that big come from aside from a > > lookup in a table? > > > > .... > > > > Why is the sky blue? Why do you have a mustach? > > Why doesn't mommy have > > one? Does she shave it? > > > > At any rate, my personal end goal is a secure > > high-performance operating > > system, as user friendly as Ubuntu, Mandriva, or > > Win----. To this end, > > I'm (still; a lot of you have seen me before) > > evaluating the performance > > hit of various user and kernel security > enhancements > > like PaX, > > ProPolice, various OpenWall/GrSecurity niceness > that > > needs to be divided > > out, and of course LSM/SELinux. Also wondering > > about that PHKMalloc > > thing on openbsd; is it really all that, is it > junk, > > how's it compare to > > the recent ptmalloc work, and can it run on Linux > > for direct benching . > > . . but that's off topic. > > > > -- > > All content of all messages exchanged herein are > > left in the > > Public Domain, unless otherwise explicitly stated. > > > > Creative brains are a valuable, limited > > resource. They shouldn't be > > wasted on re-inventing the wheel when there > are > > so many fascinating > > new problems waiting out there. > > > -- > > Eric Steven Raymond > - - > To unsubscribe from this list: send the line > "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at > http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > > > __________________________________ > > Yahoo! Mail - PC Magazine Editors' Choice 2005 > > http://mail.yahoo.com > > > - -- > All content of all messages exchanged herein are > left in the > Public Domain, unless otherwise explicitly stated. > > Creative brains are a valuable, limited > resource. They shouldn't be > wasted on re-inventing the wheel when there are > so many fascinating > new problems waiting out there. > -- > Eric Steven Raymond > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - > http://enigmail.mozdev.org > > iD8DBQFDQgwahDd4aOud5P8RArHEAJ9GFTpKPX3BbAR9vF/UCxeqbXO8DQCgi3sC > R8bKVy1wxP2SiGJyc0MB4Xw= > =vvMx > -----END PGP SIGNATURE----- > - > To unsubscribe from this list: send the line > "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at > http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/