[OpenAFS] OpenAFS and SELinux?

Jason Edgecombe jason@rampaginggeek.com
Fri, 28 Mar 2008 08:50:13 -0400


Joshua Hutchins wrote:
> Sorry, I should have been more clear.  The same machine is both the mail
> server and a fileserver.
>
> Harald Barth wrote:
>   
>>> I'm concerned that a hacked mail server could lead to compromise of
>>> the server key, which would then compromise the entire cluster.
>>>     
>>>       
>> I know that there are folks out there which deliver email into AFS and
>> not all of you do it by distributing the server key to the email
>> server, don't you? So how do you do it?
>>
>> Harald.
>>   
>>     
I would highly recommend splitting the mail server from the file server.
Use Xen/VMware or something else to make two virtuals if you don't have
a spare box.

selinux works fine with OpenAFS clients, but I haven't run it on servers
before.

Jason