On Fri, 2005-06-24 at 05:55 +0200, Vassilios Kotoulas wrote: > hi all, > > I run a postgres server with permanent very high disk and network load. > I would like to enable selinux but I can't afford any loss of > performance. Does selinux bring a noticeable performance loss? There is performance overhead from SELinux, but I don't know precisely how it will affect your workload. Possibly more importantly, enabling SELinux on a production system is a delicate operation when you haven't had it enabled from the beginning; you'll need to label your filesystems, and some tuning of your policy may be necessary for your particular functionality. Best thing to do is to try it out on a test box first, and simulate a similar load on it based on data collected from your production server to assess the impact. -- Stephen Smalley National Security Agency
