1 |
Hi |
2 |
|
3 |
On 06/08/12 07:44, Grant wrote: |
4 |
> I started a discussion on gentoo-user about the fact that the hardened |
5 |
> profile appears to only be for servers and not desktops. I thought |
6 |
> I'd check with you guys on this. Is that the case? |
7 |
I'm using hardened on 3 laptops and 1 desktop, more or less on a daily |
8 |
basis (typing from one now :)), and I've been using gentoo hardened |
9 |
desktop for a number of years. I've been running either XFCE or KDE |
10 |
desktops mostly, on nvidia, ati or intel cards. Mind you, I don't care |
11 |
about hardware acceleration and I stay with OS drivers whenever I can. |
12 |
From my experience, getting the binary video drivers to work quite |
13 |
often requires disabling mprotect on whole lot of stuff (everything in |
14 |
nvidia case?), which IMHO, undermines the idea of hardening a system in |
15 |
the first place :) |
16 |
|
17 |
You do run occasionally into some issues, where you need to use paxctl |
18 |
to get something to work (usually disabling the mprotect restrictions) |
19 |
but most of the time things just work :) And recently you get a proper, |
20 |
hardened (not paxmarked) firefox and thunderbird out of the box |
21 |
too...purely awesome! :) |
22 |
|
23 |
Even mplayer can get all the hardened goodies and still works fine... ;] |
24 |
|
25 |
Radek |