| 1 |
Hi! |
| 2 |
|
| 3 |
I also can confirm workstation with GrSecurity+PaX (without RBAC/SeLinux) |
| 4 |
are very ease to setup and works very well nowadays - all you need is |
| 5 |
carefully set kernel options related to GrSecurity and PaX and rebuild all |
| 6 |
system using hardened gcc. |
| 7 |
|
| 8 |
Problematic software are nvidia-drivers (it works, but require extra |
| 9 |
paxmarking for some apps like Xorg and mplayer) and vmware (usually need |
| 10 |
extra patches and doesn't work on amd64 for years - virtualbox and |
| 11 |
qemu/kvm works ok, so it's not a big deal). |
| 12 |
|
| 13 |
-- |
| 14 |
WBR, Alex. |
Archives