This section discusses the impact of the SELinux security mechanisms on the performance of the the Linux kernel. The set of benchmarks used was influenced by the Linux Benchmarking HOWTO [6]. Microbenchmark tests were performed to determine the performance overhead due to the SELinux changes for various low-level system operations. Macrobenchmark tests were performed to determine the impact of the SELinux changes on the performance of typical workloads.
Each test was performed with two different kernel configurations. The base kernel configuration corresponds to an unmodified Linux 2.4.2 kernel. This configuration was measured to provide the performance baseline for each benchmark. The selinux configuration corresponds to an enforcing Security-Enhanced Linux 2.4.2 kernel. The performance measurements of the selinux configuration can be compared against the baseline to determine the overhead imposed by the SELinux security mechanisms.