Re: The price of SELinux (CPU)

From: Bill Davidsen
Date: Tue Oct 04 2005 - 15:36:03 EST

Next message: Mark Knecht: "Re: 2.6.14-rc3-rt2"
Previous message: linas: "Re: [PATCH] ppc64: Crash in DLPAR code on PCI hotplug add"
In reply to: Dan C Marinescu: "Re: The price of SELinux (CPU)"
Next in thread: Dan C Marinescu: "Re: The price of SELinux (CPU)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dan C Marinescu wrote:

the benchmark "results" _look_ like being authored by
some qa engineers... or sysadmins or something...

*** only a deep/intimate knowledge of kernel and fs
and acl implementation details and many other areas
could suggest a credible conclusion (most likely
without even needing any "profiling" at all... on pure
theoretical basis, mostly because you would know what
goes where and when and how and why and how much it
adds here and there, etc, etc, etc)

Any results not based on actual measurement are called "guesses" rather than "data." Such deep knowlege is useful to determine what to measure, not what you would measure if you thought it were necessary.

The measurements are very useful, in that they show the magnitude of the performance impact using a benchmark which was constructed to emulate certain real world loads. Since no one number or even series of numbers can fully describe what *will* happen, but these numbers show what *could* happen.

and i personally have a strong doubt that if the cpu
activity was statistically increased with 7% for the
very same elementary I/O, linus would have accepted
this degradation... my $0.02... :-)

For some applications the issue isn't how fast the O/S runs, but if it is secure enough to be run at all. Given the speed of even commodity computers, it's probable that even a 2:1 slowdown would still result in useful operation, compared to doing the work without a computer.

I can't speak for Linus' thinking of course, but I have worked in secure environments before, both DOD and DOE, and information control is vital.

--
-bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Knecht: "Re: 2.6.14-rc3-rt2"
Previous message: linas: "Re: [PATCH] ppc64: Crash in DLPAR code on PCI hotplug add"
In reply to: Dan C Marinescu: "Re: The price of SELinux (CPU)"
Next in thread: Dan C Marinescu: "Re: The price of SELinux (CPU)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]