Re: RSBAC performance in Linux 2.4.10

From: Amon Ott <ao@rsbac.org>
Subject: Re: RSBAC performance in Linux 2.4.10
Date: Tue, 15 Jan 2002 09:42:41 +0100

Next Article (by Date): mount troubles Arkady A Drovosekov
Previous Article (by Date): Re: RSBAC performance in Linux 2.4.10 Amon Ott
Top of Thread: RSBAC performance in Linux 2.4.10 Pontus Lidman
Next in Thread: Re: RSBAC performance in Linux 2.4.10 Pontus Lidman
Articles sorted by: [Date] [Author] [Subject] 

On Monday, 14. January 2002 17:33, Amon Ott wrote:
> On Sunday, 13. January 2002 16:55, Pontus Lidman wrote:
> > I'm timing 'updatedb' on an old AMD K6-200, 96M of RAM, with 2
> > IDE-disks, DMA is turned off.
> >
> > This is the result running Linux 2.4.10 without RSBAC:
> >
> > h83:~# time updatedb
> >
> > real    14m55.528s
> > user    0m11.730s
> > sys     0m17.350s
> >
> > Compare to the result running Linux 2.4.10 with rsbac 1.1.2 patch:
> >
> > h83:~# time updatedb
> > /usr/bin/find: /var/rsbac: Operation not permitted
> > /usr/bin/find: /usr/rsbac: Operation not permitted
> > /usr/bin/find: /home/rsbac: Operation not permitted
> > /usr/bin/find: /rsbac: Operation not permitted
> > /usr/bin/find: /reiser/rsbac: Operation not permitted
> >
> > real    84m25.020s
> > user    0m18.350s
> > sys     70m19.230s
> >
> > The difference is quite significant... is this consistent with others
> > experiences?
>
> Is the 'Intercept Read/Write' switch turned on? Turning it off makes a big
> difference, without loosing much security. The fast benchmark results were
> with this option turned off.
>
> Also, MS module with Read-Open scanning really sucks for performance.
>
> Of interest: Did you look into your /proc/rsbac-info/xstats, what calls are
> made too often? How many attribute objects do you have
> (/proc/rsbac-info/stats)?

Just rethinking: what updatedb does is an awful lot of readdir() system 
calls, with one READ request each, going through all dir objects in the 
system. This is a kind of worst case szenario, which should certainly be 
optimized.

Amon.
--
http://www.rsbac.org
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): mount troubles Arkady A Drovosekov
Previous Article (by Date): Re: RSBAC performance in Linux 2.4.10 Amon Ott
Top of Thread: RSBAC performance in Linux 2.4.10 Pontus Lidman
Next in Thread: Re: RSBAC performance in Linux 2.4.10 Pontus Lidman
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.