| 1 |
Hi |
| 2 |
|
| 3 |
On 06/08/12 07:44, Grant wrote: |
| 4 |
> I started a discussion on gentoo-user about the fact that the hardened |
| 5 |
> profile appears to only be for servers and not desktops. I thought |
| 6 |
> I'd check with you guys on this. Is that the case? |
| 7 |
I'm using hardened on 3 laptops and 1 desktop, more or less on a daily |
| 8 |
basis (typing from one now :)), and I've been using gentoo hardened |
| 9 |
desktop for a number of years. I've been running either XFCE or KDE |
| 10 |
desktops mostly, on nvidia, ati or intel cards. Mind you, I don't care |
| 11 |
about hardware acceleration and I stay with OS drivers whenever I can. |
| 12 |
From my experience, getting the binary video drivers to work quite |
| 13 |
often requires disabling mprotect on whole lot of stuff (everything in |
| 14 |
nvidia case?), which IMHO, undermines the idea of hardening a system in |
| 15 |
the first place :) |
| 16 |
|
| 17 |
You do run occasionally into some issues, where you need to use paxctl |
| 18 |
to get something to work (usually disabling the mprotect restrictions) |
| 19 |
but most of the time things just work :) And recently you get a proper, |
| 20 |
hardened (not paxmarked) firefox and thunderbird out of the box |
| 21 |
too...purely awesome! :) |
| 22 |
|
| 23 |
Even mplayer can get all the hardened goodies and still works fine... ;] |
| 24 |
|
| 25 |
Radek |
Archives