Spinning off from the other thread about SELinux, I just tried to re-enable SELinux on my personal server hosting just email and forum for a small local community. Average load for this Intel Core 2 Duo box with 2GB of ram (usually with some 1GB free) was generally below 0.4 for the last 24hrs, averaging 0.23 based on MRTG. Once I did setenforce 1, load shot through the roof to fluctuate between 3 to 5. As per my past experience setroubleshootd started chewing up ram more than 600M and 500M worth of virt and res based on top. The server started crawling and php apps stopped communicating with mysql. I had to kill setroubleshootd in order to return things to normal. This again reflects my original experience with SELinux: massive resource hog and this is just a lowly loaded webserver. Naturally it seems to me that this doesn't seem like it should be the norm. What could be going on here or rather what could be wrong here?
On Fri, 2009-03-06 at 12:00 +0800, Noob Centos Admin wrote:> Spinning off from the other thread about SELinux, I just tried to > re-enable SELinux on my personal server hosting just email and forum > for a small local community. > > Average load for this Intel Core 2 Duo box with 2GB of ram (usually > with some 1GB free) was generally below 0.4 for the last 24hrs, > averaging 0.23 based on MRTG. > > Once I did setenforce 1, load shot through the roof to fluctuate > between 3 to 5. As per my past experience setroubleshootd started > chewing up ram more than 600M and 500M worth of virt and res based on > top. The server started crawling and php apps stopped communicating > with mysql. > > I had to kill setroubleshootd in order to return things to normal. > > This again reflects my original experience with SELinux: massive > resource hog and this is just a lowly loaded webserver. Naturally it > seems to me that this doesn't seem like it should be the norm. > > What could be going on here or rather what could be wrong here?---- did you 'relabel' the entire filesystem? - that's pretty much necessary if you've been running the system without having SELinux running, at least in permissive mode. Craig
Noob Centos Admin wrote:> This again reflects my original experience with SELinux: massive > resource hog and this is just a lowly loaded webserver. Naturally it > seems to me that this doesn't seem like it should be the norm.You do not need setroubleshoot to run selinux, so your comment up there says nothing. SELinux itself is not a resource hog at all (and which version are you running? Is that box up to date?). Ralph -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20090306/d7f7fe68/attachment-0004.sig>