[OpenAFS] OpenAFS and SELinux?

Joshua Hutchins jdhutchin@ugcs.caltech.edu
Fri, 28 Mar 2008 00:12:37 -0700

I'm looking for ways to improve the security of some of our servers- one
in particular which runs mail as well as an AFS fileserver.  I'm
concerned that a hacked mail server could lead to compromise of the
server key, which would then compromise the entire cluster.  SELinux
would be able to keep the file server key safe from other processes, but
I don't know if it would play nicely with AFS.  Has anyone tried running
OpenAFS under SELinux, and if so, does it work well?

Thanks, Joshua