Re: New stacker performance results

From: Crispin Cowan (crispin@private)
Date: Wed May 25 2005 - 19:30:29 PDT

Karl MacMillan wrote:
>>SELinux is big, slow, and complicated. Not everyone likes that. QED :)
>Not to take this comment too seriously, but are you referring to the security
>server currently provided by SELinux which implements TE or general framework
>provided by SELinux (FLASK)? It doesn't seem like you are making that
>distinction in your comments.
I have not done the detailed measurements to distinguish between the
FLASK layer and the TE layer. Most of the available information on
SELinux does not make such a distinction. The "big" comment is the size
of the module and the size of the set of associated utilities. The
"slow" comment is from SELinux's self-claimed overhead of 6-15% (Immunix
measures at 0-2%) as well as other anecdotal stories about poor
performance. The "complicated" remark comes from both the widespread
reputation that SELinux is very hard to use as well as direct
comparisons that we have done of trying to perform equivalent security
tasks with SELinux and Immunix.

Caveat: this "equivalent task" is to create a per-application policy,
what Red Hat calls the "targeted policy". Immunix was designed from the
outset to enforce a security model very similar to the targeted policy,
while SELinux is being pressed into service to do that. Conversely,
Immunix AppArmor was not designed to enforce anything like the SELinux
"strict policy", and making it do that would produce usability problems,
at the least.

All of which supports my point that there is more than one security
model that different users may want. LSM lets users choose the
appropriate model for them.

Crispin Cowan, Ph.D.
Director of Software Engineering, Novell

This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 19:31:41 PDT