1 |
Hi! |
2 |
|
3 |
On Tue, Nov 25, 2008 at 06:39:26PM +0200, Jan Klod wrote: |
4 |
> Could you post a list of apps, that need PaX lifted? |
5 |
|
6 |
Most of this already done by portage when emerging apps, so you rarely |
7 |
need to do this manually. Few examples come in my mind is operawrapper for |
8 |
running complex Flash/Flex applications; mplayer for playing files in |
9 |
windows-related formats using codecs in .dll (media-libs/win32codecs); |
10 |
and OS Inferno which is virtual machine like Java but compiled manually |
11 |
(probably I'll create ebuild for it later). |
12 |
|
13 |
Also you have to switch off one item in kernel configuration (compared to |
14 |
typical config on servers): |
15 |
Security options ---> Grsecurity ---> Address Space Protection ---> |
16 |
[ ] Disable privileged I/O |
17 |
and may need to enable loadable modules support (also switched off on |
18 |
servers) to work with VMware or binary NVidia drivers etc. |
19 |
|
20 |
> Also there is another question: has anyone made some benchmarks to see how |
21 |
> much raw computing power (CPU+RAM access, which happen during some purely |
22 |
> computational task) decreases? |
23 |
|
24 |
There some available on internet, just google for it. AFAIR there was 2-5% |
25 |
slowdown compared to non-hardened system. |
26 |
I did my own tests several years ago when switching to hardened - same |
27 |
results: 2% slowdown for most operations, compiling a little more slower. |
28 |
|
29 |
Nothing noticeable on workstation to worry about unless you have ancient |
30 |
hardware which play mp3s using 100% CPU and will lag if you do anything |
31 |
else at same time. :) |
32 |
|
33 |
-- |
34 |
WBR, Alex. |