From: Russell Coker <russell@coker.com.au>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Justin Mattock <justinmattock@gmail.com>, selinux@tycho.nsa.gov
Subject: Re: s.m.a.c.k
Date: Sun, 17 Feb 2008 21:15:06 +1100 [thread overview]
Message-ID: <200802172115.08256.russell@coker.com.au> (raw)
In-Reply-To: <1202992307.16038.69.camel@moss-spartans.epoch.ncsc.mil>
On Thursday 14 February 2008 23:31, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> SELinux imposes a performance overhead, but it shouldn't especially
> affect power consumption. You might be thinking of bugs in certain
> SELinux-related daemons, like setroubleshootd in Fedora, that caused it
> to spin.
There are a couple of cases where SE Linux will increase power use.
One is the case of broken applications that go into an infinite loop when
confronted with an unexpected EPERM. If you have a power hungry CPU (P4 or
P-D) then a single process doing that can cost a significant amount of power.
Another is the issue of auditing. When SE Linux denies an operation and
doesn't have a dontaudit rule the event will be logged. This involves some
CPU use by the kernel and syslogd or auditd and then some disk IO. Obviously
in those cases more power is used than otherwise.
Ideally neither of these situations would ever occur on your machines, and in
practice they are quite uncommon.
The vast majority of SE Linux access control decisions (on a system without
Security Enhanced X) will concern system calls. On most systems the majority
of power is taken by IO (moving disk heads takes energy) and application
computation (Firefox on my system has accumulated 24 DAYS of CPU time).
Neither application computation nor disk IO will be affected by SE Linux
(except in the cases of looping programs and logging).
On my desktop machine nothing other than Firefox matters for electricity use.
The servers I run at the moment are mostly idle so the electricity use would
be pretty close to the minimum for an idle system.
--
russell@coker.com.au
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-02-17 10:15 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-14 2:22 s.m.a.c.k Justin Mattock
2008-02-14 4:25 ` SELinux power consumption (was Re: s.m.a.c.k) James Morris
2008-02-14 12:51 ` Daniel J Walsh
2008-02-14 12:31 ` s.m.a.c.k Stephen Smalley
2008-02-17 10:15 ` Russell Coker [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-02-14 16:19 s.m.a.c.k Justin Mattock
2008-02-13 19:40 s.m.a.c.k Justin Mattock
2008-02-13 19:49 ` s.m.a.c.k Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200802172115.08256.russell@coker.com.au \
--to=russell@coker.com.au \
--cc=justinmattock@gmail.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.