Performance of regular expressions cannot be boosted with the JIT technique if executable stack is disabled
When the *SELinux* policy disallows executable stack, the *PCRE* library cannot use JIT compilation to speed up regular expressions. As a result, attempting JIT compilation for regular expressions is ignored and their performance is not boosted.
To work around this problem, amend the *SELinux* policy with a rule for enabling the "execmem" action on affected *SELinux* domains to enable JIT compilation. Some of the rules are already provided and can be enabled by specific SELinux booleans. To list these booleans, see the output of the following command:
getsebool -a | grep execmem
An alternative workaround is changing application code to not request JIT compilation with calls to the *pcre_study()* function.