
Re: Summary of my Fedora 9 Boot Time Testing

On Fri, 2008-04-04 at 12:14 +0200, Harald Hoyer wrote:
> Harald Hoyer wrote:
> > Turning off selinux and related services saves 10s overall boot time. 
> > Trading off security with boot time. I don't know. But maybe a good 
> > starting point for optimization.
> Boot time:
> 35s without selinux  and without auditd
> 40s with selinux + auditd + restorecond
> 45s with selinux + auditd + restorecond + setroubleshootd
> I can live without setroubleshootd..

auditd and restorecond are also optional for selinux.  mcstransd should
be optional as well for selinux.  None of them existed originally for
selinux; they are all later add-ons.

In the absence of auditd, SELinux avc messages just go
to /var/log/messages instead.

In the absence of restorecond, you might find certain files will be left
mislabeled when re-created, although usually that gets covered
automatically by policy.  But you can always restorecon them by hand as

In the absence of mcstransd, the MCS/MLS label component (:s0) will be
visible and you won't have mapping support for translating categories to
more meaningful names.  But you don't really need it if not using
categories for anything.

Stephen Smalley
National Security Agency
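
Added example, not part of the original message: a small parser for AVC denials as they appear in /var/log/messages when auditd is not running, splitting each context so the MCS/MLS level (the raw :s0 shown without mcstransd) is a separate field. The sample log lines are constructed, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed /var/log/messages excerpt (sample data, not from the original post).
SAMPLE_LOG = """\
Apr  4 12:20:01 host kernel: type=1400 audit(1207304401.101:5): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=sda1 ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Apr  4 12:20:02 host sshd[1999]: Accepted publickey for alice from 192.0.2.10 port 50522 ssh2
Apr  4 12:20:05 host kernel: type=1400 audit(1207304405.230:6): avc:  denied  { read } for  pid=2101 comm="httpd" name="page.html" dev=sda1 ino=4712 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Apr  4 12:21:10 host kernel: type=1400 audit(1207304470.004:7): avc:  denied  { name_bind } for  pid=2300 comm="named" src=8053 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; the level itself may contain ':'."""
    parts = ctx.split(":", 3)
    parts += [None] * (4 - len(parts))  # policies without MCS/MLS have no level
    return dict(zip(("user", "role", "type", "level"), parts))

def parse_avc(line):
    """Return a dict for a syslog line carrying an AVC record, else None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    return {
        "result": m.group(1),
        "perms": tuple(m.group(2).split()),
        "comm": fields.get("comm"),
        "source": split_context(fields["scontext"]),
        "target": split_context(fields["tcontext"]),
        "tclass": fields["tclass"],
    }

def summarize(text):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            counts[(rec["source"]["type"], rec["target"]["type"],
                    rec["tclass"], rec["perms"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```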
