The results for the UnixBench system microbenchmarks are shown in Table 9. The file copy benchmark measures the rate at which data can be transferred from one file to another, using various buffer sizes. For small buffer sizes, the system call overhead dominates the time to copy the file. The SELinux overhead consists of revalidating permissions for each read and write for the file copy. As the buffer size increases, the time to copy the file becomes dominated by the unaffected memory copying costs, so the SELinux overhead becomes negligible.
The pipe benchmark measures the number of times a process can write 512 bytes to a pipe and read them back per second. The pipe switching benchmark measures the number of times two processes can exchange an increasing integer through a pipe. The SELinux overhead consists of revalidating permissions for each read and write on the pipe.
The process creation test measures the number of times a process can fork and reap a child that immediately exits. The SELinux overhead consists of performing a permission check on each fork and wait operation. The execl benchmark measures the number of execl calls that can be performed per second. The SELinux overhead consists of computing the label for the transformed process and performing permission checks for searching the path, executing the program, and inheriting open file descriptions.
The shell scripts test measures the number of times per minute a process can start and reap a set of 8 concurrent copies of a shell script, where the shell script applies a series of transformations to a data file. The SELinux overhead consists of computing the label for processes for each program execution, computing the label for new files created by the scripts, and performing permission checks for the various process and file operations.