On Wed, 2005-03-09 at 09:58 -0600, Serge Hallyn wrote: > At last here are a few results. I am comparing > > 1) a stock 2.6.11-rc5 kernel with selinux+capabilities, > 2) 2.6.11-rc5 with stacker + selinux + cap_stack > 3. 2.6.11-rc5 with modified stacker + selinux + cap_stack > > The modified stacker creates a list_head for each LSM hook and adds a > module's hook to the list only if it is defined. This way we don't have > to check for (module->operation) for each module on each hook call. > This results in performance on macrobenchmarks (kernel compile) which > actually seems on par with or slightly better than non-stacker. Lmbench > results (attached) for some reason do not back this up. I can't explain > those results. Might just try a whole new set of lmbench tests, in case > I left some service enabled. In the past, we haven't found kernel compile benchmark to be very revealing for SELinux performance analysis. dbench results would be of interest. More generally, you might want to repeat the tests done for the AVC RCU work, see http://marc.theaimsgroup.com/?l=linux-kernel&m=110054824004161&w=2 -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2.1.3 : Wed Mar 09 2005 - 08:22:14 PST