How best get rid of SELinux?
Ralf Corsepius
rc040203 at freenet.de
Fri Sep 21 17:07:15 UTC 2007
On Fri, 2007-09-21 at 10:44 -0500, Mike McCarty wrote:
> Matthew Miller wrote:
> > On Thu, Sep 20, 2007 at 11:49:41PM -0400, David Boles wrote:
> > If you do this, are you still paying the performance penalty but with no
> > security gain?
>
> Depends on what you mean by "performance penalty".
> One measure of performance is RAM utilization. If SELinux is
> built into the distro, then it eats RAM regardless of whether
> it be "enforcing". Furthermore, some of the code in it
> gets executed, no matter what.
What you say is right on the spot. I have a low end (i586) machine which
kills itself by running out of memory during selinux-policy updates or
relabel actions.
Ralf
More information about the fedora-list
mailing list