SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: XFS and SE Linux This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] From: Nathan Scott <nathans_at_sgi.com> Date: Wed, 10 Mar 2004 12:34:56 +1100 Hi Russell, Thanks for sending this out. Couple of additions... On Wed, Mar 10, 2004 at 12:14:03AM +1100, Russell Coker wrote: > XFS defaults to an Inode size of 256 bytes and a block size of 4K on i386. These default values are platform independent. > The "security.selinux" xattr name and the data stored in it can apparently be > counted on to not fit into the <50 bytes left in a 256 byte Inode after all > the other meta-data is stored. This will mean that a new block is used for > the XATTR (which in 99.99% of all cases will be the only XATTR on the file). > > Using an extra 4K block per file is a significant waste of disk space, XFS > apparently does not support block sharing so you have 4K of disk space for 50 > bytes of data. It also amounts to a fairly significant performance hit, since there is additional I/O involved once the attributes are no longer inline. When we tweaked the ACL code to be more conscious of this issue, speedups were of the order 10x-12x IIRC. Heavy users of extended attributes should always use larger inode sizes with XFS. > If at mkfs time you make the Inode 512 bytes in size you will have enough > space for the SE Linux xattr. This will save huge amounts of space on a SE > Linux system as there will effectively be 256 bytes of overhead per file > instead of 4096. That extra inline space is also available for use by inline directory entries (and of course other extended attributes), so its not useless overhead either. cheers. -- Nathan -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Wed 10 Mar 2004 - 14:14:47 EST This message: [ Message body ] Next message: liliping: "client and server identification" Previous message: Stephen Smalley: "Re: blocking security xattr changes when policy is not loaded" In reply to: Russell Coker: "XFS and SE Linux" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom