[OpenAFS] OpenAFS and SELinux?
Jason Edgecombe
jason@rampaginggeek.com
Fri, 28 Mar 2008 08:50:13 -0400
Joshua Hutchins wrote:
> Sorry, I should have been more clear. The same machine is both the mail
> server and a fileserver.
>
> Harald Barth wrote:
>
>>> I'm concerned that a hacked mail server could lead to compromise of
>>> the server key, which would then compromise the entire cluster.
>>>
>>>
>> I know that there are folks out there which deliver email into AFS and
>> not all of you do it by distributing the server key to the email
>> server, don't you? So how do you do it?
>>
>> Harald.
>>
>>
I would highly recommend splitting the mail server from the file server.
Use Xen/VMware or something else to make two virtuals if you don't have
a spare box.
selinux works fine with OpenAFS clients, but I haven't run it on servers
before.
Jason