LSM performance measurement
Casey Schaufler
casey at schaufler-ca.com
Wed Jul 6 15:39:34 UTC 2022
On 7/6/2022 8:22 AM, Dmitry Kasatkin wrote:
> Hi,
>
> Could anybody suggest a good approach/test suite to measure LSMs
> runtime overheads?
I have used LMbench, ltp and kernel builds when checking the
overhead on the LSM stacking work. I have also tried timing the
SELinux, audit and Smack testsuites, but they all have built in
delays that make performance numbers questionable. Be sure to
include network throughput and latency measurements if you're
looking at SELinux and/or Smack. Also be sure that you have
meaningful policy loaded, that you're consistent with how IMA
is used, and that you know how your audit limits are configured.
More information about the Linux-security-module-archive
mailing list