On Wed, Sep 29, 2004 at 11:47:20PM +0200, Christoph Hellwig wrote: > On Wed, Sep 29, 2004 at 10:54:21PM +0100, Luke Kenneth Casson Leighton wrote: > > On Wed, Sep 29, 2004 at 10:33:28PM +0200, Christoph Hellwig wrote: > > > On Wed, Sep 29, 2004 at 09:14:20PM +0100, Luke Kenneth Casson Leighton > > > wrote: > > > > it's not a severe performance penalty. > > > > > > > > especially when it's disabled by default with "selinux=0". > > > > > > Yes, all the indirect calls due to CONFIG_SECURITY are a performance > > > penalty. > > > > ... of about 2%. > > > > sufficiently insignificant for both redhat _and_ suse to have > > started shipping, six months ago, kernels with selinux compiled in and > > disabled by default. > > It's more like 5% for the benchmarks I've seen (from HP), and yes, they > complained to SuSE loudly because of that. 2%, 5% - it's not 10% and it's not 20% is is?
20%+ is a severe performance penalty. ... what's the cutoff point at which a decision can be made to encourage people to take security seriously rather than to believe speed is all-important? if people _desperately_ need their 5% performance back, they can compile the kernel - and all applications - with gcc 3.4 or greater, using arguments specifically tailored for their architecture, and they can use prelink. that way they will get, like the new yoper distribution and like gentoo, a whopping great performance boost. l. -- -- Truth, honesty and respect are rare commodities that all spring from the same well: Love. If you love yourself and everyone and everything around you, funnily and coincidentally enough, life gets a lot better. -- <a href="http://lkcl.net";> lkcl.net </a> <br /> <a href="mailto:[EMAIL PROTECTED]"> [EMAIL PROTECTED] </a> <br />
