Spinning off from the other thread about SELinux, I just tried to re-enable SELinux on my personal server hosting just email and forum for a small local community.
Average load for this Intel Core 2 Duo box with 2GB of ram (usually with some 1GB free) was generally below 0.4 for the last 24hrs, averaging 0.23 based on MRTG.
Once I did setenforce 1, load shot through the roof to fluctuate between 3 to 5. As per my past experience setroubleshootd started chewing up ram more than 600M and 500M worth of virt and res based on top. The server started crawling and php apps stopped communicating with mysql.
I had to kill setroubleshootd in order to return things to normal.
This again reflects my original experience with SELinux: massive resource hog and this is just a lowly loaded webserver. Naturally it seems to me that this doesn't seem like it should be the norm.
What could be going on here or rather what could be wrong here?
On Fri, 2009-03-06 at 12:00 +0800, Noob Centos Admin wrote:
Spinning off from the other thread about SELinux, I just tried to re-enable SELinux on my personal server hosting just email and forum for a small local community.
Average load for this Intel Core 2 Duo box with 2GB of ram (usually with some 1GB free) was generally below 0.4 for the last 24hrs, averaging 0.23 based on MRTG.
Once I did setenforce 1, load shot through the roof to fluctuate between 3 to 5. As per my past experience setroubleshootd started chewing up ram more than 600M and 500M worth of virt and res based on top. The server started crawling and php apps stopped communicating with mysql.
I had to kill setroubleshootd in order to return things to normal.
This again reflects my original experience with SELinux: massive resource hog and this is just a lowly loaded webserver. Naturally it seems to me that this doesn't seem like it should be the norm.
What could be going on here or rather what could be wrong here?
---- did you 'relabel' the entire filesystem? - that's pretty much necessary if you've been running the system without having SELinux running, at least in permissive mode.
Craig
On Fri, Mar 6, 2009 at 12:11 PM, Craig White craigwhite@azapple.com wrote:
did you 'relabel' the entire filesystem? - that's pretty much necessary if you've been running the system without having SELinux running, at least in permissive mode.
SELinux had been running in permissive. I did not disable during install because of the warning about having to relabel the entire filesystem if I wish to re-enable it subsequently. That seems like a bad idea so I've always ran it in permissive rather than enforcing due to the first experience.
Noob Centos Admin wrote:
This again reflects my original experience with SELinux: massive resource hog and this is just a lowly loaded webserver. Naturally it seems to me that this doesn't seem like it should be the norm.
You do not need setroubleshoot to run selinux, so your comment up there says nothing. SELinux itself is not a resource hog at all (and which version are you running? Is that box up to date?).
Ralph
-
Craig White -
Noob Centos Admin -
Ralph Angenendt