On 08/06/12 09:44, Grant wrote:
> I started a discussion on gentoo-user about the fact that the hardened
> profile appears to only be for servers and not desktops. I thought
> I'd check with you guys on this. Is that the case?

I have been using Gentoo on Desktop systems for some time, mainly because it doesn't make much sense speaking well to others of something without being an example. The Gentoo Hardened system can be used as a Desktop for daily use (I do use it) and by that I also mean I have used it even on demanding tasks like live video streaming from DV cameras (never tried playing games since I'm not that kind of person).

Of course there are some drawbacks, but the team is aware of them and we do our best to fix these. Some of the ones that come to mind are:

* If you plan on using binary drivers you'll need to disable many security protections on most of the programs since the libraries bundled with them are not hardened-friendly.
* Some open source graphical drivers (ATI/AMD comes to mind) require JIT code in 3D applications (or hacking LLVM so it will always default to the slooooow interpreter mode). This is a known issue and can be fixed with tools like revdep-pax which allow you to check which are those applications.
* In general JIT code is deemed to fail in hardened systems because of mprotect restrictions, this is a known issue and tends to be fixed by disabling JIT code generation in the affected packages or removing the mprotect restrictions on said binaries.
* Virtualization is a world in itself, many processors with virtualization extensions (especially older ones without hardware nested pagetables support) tend to be rather slow with UDEREF and kernexec enabled in kvm. I think this is more of an implementation issue than a real hardware issue but I may be wrong here.

As for other solutions, each tends to be a world of its own where it is better to just try them and see what happens since they tend to be very hardware specific.

@Grant I generally tend to monitor gentoo-user from time to time to answer threads involving hardened (although it is hard to read everything so many just pass by ignored), can you please tell me the topic of the thread so I can give it a look and contribute as needed?
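
The point above about JIT code and mprotect restrictions can be checked on a given system with a small probe. This is an added example, not part of the original message: it performs the writable-then-executable transition a JIT relies on, without executing anything, and reports whether the kernel allows it. The function and enum names are this example's own, and treating EACCES/EPERM as a policy refusal is an assumption of the example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome of the probe (names are this example's own). */
enum jit_probe { JIT_ERROR = -1, JIT_ALLOWED = 0, JIT_DENIED = 1 };

/*
 * Do what a JIT does, minus running anything: map a writable anonymous
 * page, fill it, then ask the kernel to make it executable.
 * *err_out receives the errno of the failing call (0 on success).
 */
enum jit_probe probe_rw_to_rx(int *err_out)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    *err_out = 0;
    if (pagesz <= 0) { *err_out = errno; return JIT_ERROR; }

    void *p = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { *err_out = errno; return JIT_ERROR; }

    memset(p, 0, (size_t)pagesz);        /* stand-in for generated code */

    int rc = mprotect(p, (size_t)pagesz, PROT_READ | PROT_EXEC);
    int saved = (rc == 0) ? 0 : errno;
    munmap(p, (size_t)pagesz);

    *err_out = saved;
    if (rc == 0) return JIT_ALLOWED;
    /* Assumption of this example: EACCES/EPERM means a policy refusal. */
    return (saved == EACCES || saved == EPERM) ? JIT_DENIED : JIT_ERROR;
}

int main(void)
{
    int err = 0;
    switch (probe_rw_to_rx(&err)) {
    case JIT_ALLOWED: puts("RW -> RX allowed: JIT code generation can work"); break;
    case JIT_DENIED:  printf("RW -> RX denied (%s): JIT will fail here\n", strerror(err)); break;
    default:          printf("probe error: %s\n", strerror(err)); return 2;
    }
    return 0;
}
```

The result applies to the probe binary itself, so a binary that has had its mprotect restrictions removed can report a different outcome on the same kernel.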