Hannu Krosing wrote:
>> If we compile it with --enable-selinux, it has two working modes
>> controled by a guc option: sepostgresql (bool).
>> If it is disabled, all the sepgsqlXXXX() invocations returns at
>> the head of themself without doing anything.
>>
>> I believe this behavior follows the previous suggestion.
>
> Have you been able to measure any speed difference between
> --enable-selinux on and off ?
At the last night, I measured TPS by pgbench in three cases:1) A binary compiled without --enable-selinux2) A binary
compiledwith --enable-selinux, runtime disabled3) A binary compiled with --enable-selinux, runtime enabled
Then, I cannot observe statically meaningful differences here.
* EnvironmentCPU: Core2Duo E6400 (2.13GHz)Mem: 2048MBkernel: 2.6.28-3.fc11.i686
* Parameters- shared_buffers = 512MB- rest of parameters are in the default
* Benchmarch% pgbench -i -s 10 postgres% pgbench -c 2 -t 100000 postgres ---> 6 times
* Results(1) compiled without --enable-selinux1st: 478.5655692nd: 478.2233913rd: 442.3656364th: 468.9884995th:
482.1738366th:448.208615
-----------------AVG: 466.420924 (STD: 17.0404)
(2) compiled with --enable-selinux, runtime disabled1st: 469.0057772nd: 485.6020913rd: 449.0961234th: 460.6573685th:
476.7919236th:444.027405
-----------------AVG: 464.196781 (STD: 16.0456)
(3) compiled with --enable-selinux, runtime enabled1st: 462.7022422nd: 473.3120133rd: 442.2143474th: 468.4656145th:
473.4986826th:468.973759
-----------------AVG: 464.861109 (STD: 11.7768)
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>