[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Performance difference

From: Stephen Smalley <sds tycho nsa gov>
To: Rahul Sundaram <sundaram fedoraproject org>
Cc: fedora-selinux-list redhat com
Subject: Re: Performance difference
Date: Thu, 20 Mar 2008 12:42:14 -0400

On Thu, 2008-03-20 at 21:47 +0530, Rahul Sundaram wrote:
> Hi,
> 
> Is there any performance differences between having selinux disabled via 
> a the configuration file vs disabling it in the bootloader? If so. is 
> this considered a bug?

There shouldn't be any difference - the late disable unregisters the
SELinux LSM hooks and NetFilter hooks altogether, so SELinux is no
longer on the code path for the kernel operations.

Back in Fedora Core 2 days, there was a big difference, because
the /etc/sysconfig/selinux disable wasn't a real disable - it just
booted permissive with no policy loaded.  The runtime disable support in
the kernel came later and was included in Fedora Core 3 and later.

-- 
Stephen Smalley
National Security Agency

References:
- Performance difference
  - From: Rahul Sundaram

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]