Hi
On 06/08/12 07:44, Grant wrote:
> I started a discussion on gentoo-user about the fact that the hardened
> profile appears to only be for servers and not desktops. I thought
> I'd check with you guys on this. Is that the case?

I'm using hardened on 3 laptops and 1 desktop, more or less on a daily
basis (typing from one now :)), and I've been using gentoo hardened
desktop for a number of years. I've been running either XFCE or KDE
desktops mostly, on nvidia, ati or intel cards. Mind you, I don't care
about hardware acceleration and I stay with OS drivers whenever I can.
From my experience, getting the binary video drivers to work quite
often requires disabling mprotect on a whole lot of stuff (everything in
the nvidia case?), which, IMHO, undermines the idea of hardening a system in
the first place :)
You do occasionally run into some issues, where you need to use paxctl
to get something to work (usually disabling the mprotect restrictions)
but most of the time things just work :) And recently you get a proper,
hardened (not paxmarked) firefox and thunderbird out of the box
too...purely awesome! :)
Even mplayer can get all the hardened goodies and still works fine... ;]
Radek