Research
Skip Research Menus
Research MenuSecurity Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links |
SELinux Mailing ListRe: dynamic context transitions - a seteuid parallel
From: Russell Coker <russell_at_coker.com.au>
Date: Wed, 3 Nov 2004 13:59:43 +1100
Which probably made a lot of sense for Xenix, an 80286 was not a particularly fast CPU. I've just done a quick test of exec time. For a process to exec itself it takes an average of .9ms per exec on a P3-650. In the past we have discussed at length issues related to modifying Samba for best operation under SE Linux. It seems to me that any disk sub-system you might find attached to a P3-650 class CPU is unlikely to support 1000 operations of the form of file create/open/unlink per second. So therefore if we were to have a Samba server process fork off a child for each file open we still probably wouldn't have the exec be the bottleneck for Samba performance. Now we have to keep in mind that doing a fork/exec for every file open isn't the best way of doing such things. If we create a helper process when the SMB authentication is performed and pass requests to it via a Unix domain socket then performance should be better. What is the trend in new CPUs? Are they getting worse or better for exec performance? The only machine better than a P3-800 that I have for testing is a pitiful P-M. What programs have the greatest performance requirements in terms of launching processes under a different context? I suspect that a Samba server with the design changes we discussed could be near the top of the list, with the main competitor being a busy web server that's launching cgi-bin scripts. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 2 Nov 2004 - 22:00:02 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |