RSBAC Handbook Releases
- 3.1.y
Patched kernels
Includes vanilla kernel with the RSBAC patch
- 3.1.5
Enhanced kernels
Combined patches with RSBAC and PaX, less well tested
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
v1.2.3
Theses are benchmarks made with :
- RSBAC version 1.2.3.
- Linux Kernel Gentoo Hardened RSBAC 2.6.7-r10
- GCC 3.3.4
- PaX is enabled everywhere as in Gentoo Quickstart
- Gentoo 2004.3 in Single User Mode
- A Pentium-M 733 ULW (Dohan) @ 1.1Ghz, speedstep Off
All tests were run 3 times and the average calculated in second.
We are compiling a vanilla 2.6.9 kernel from kernel.org
Four kernels have been tested:
- Vanilla Hardened, means rsbac-dev-sources, features Gentoo 2.6.7 patchset and Hardened patchset and RSBAC off. (No framework)
- RC + Auth
- All RSBAC Options On
- Default Gentoo RSBAC kernel as specified in the Gentoo Quickstart
Real represents the real time spent, in seconds User represents the total of CPU-seconds in user mode Sys represents the total of CPU-seconds in kernel mode Lower is better.
| real | user | sys | |
|---|---|---|---|
| Vanilla | 656 | 619 | 26 |
| RC+Auth | 661 | 619 | 34 |
| Gentoo | 664 | 620 | 44 |
| All On | 679 | 623 | 58 |
All theses values are percentages of performance decrease, based on Vanilla = 100 percent. Lower is better.
| real_p | user_p | sys_p | |
|---|---|---|---|
| Vanilla | 100 | 100 | 100 |
| RC+Auth | 100,7 | 100 | 130,7 |
| Gentoo | 101,2 | 100,1 | 169,23 |
| All On | 103,5 | 100,6 | 223,07 |
As you can see, only the kernel mode time increase significantly in RSBAC 1.2.3, but there are only very few actions done in this mode so it doesn’t really affect the real time very much.
To sum it up, we have a 1.2% difference of real time taken with a production kernel setup (Gentoo config), only 0.7% on a RC+Auth only enabled kernel, and a bigger 3.5% with every single option on.