Hi everyone, I've been trying to find the best way to secure linux distros, specially by using SELiunx, AppArmor, grsecurity or TOMOYO (I wanna learn to configure and work with one of those).

In some web sites (Fedora SELinux FAQ and linuxtopia), I've read that KDE is not the best for SELinux and AppArmor since every process "appear" as kdeinit.

From the Fedora SELinux FAQ (http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3203259):

"KDE executables always appear as kdeinit, which limits what can be done with SELinux policy. This is because every KDE application runs in the domain for kdeinit"

From linuxtopia (http://www.linuxtopia.org/online_books/opensuse_guides/apparmor_guide/apparmor_bx5djxb.html):

"Currently, it is not possible to confine KDE applications to the same extent as any other application due to the way KDE manages its processes."

What I get from these websites is that, while is possible to secure KDE apps with these technologies, I can't have the same degree of configuration that I could have with another DE or WM.

Is this accurate (and or current)? What about TOMOYO and grsecurity? (I couldn't find anything about how they work with KDE, but Mandriva uses TOMOYO by default) Am I getting something wrong? Which way would you secure your favourite KDE distro?.

Thanks in advance

Your best bet in this case would be to try. Most KDE applications however do fork off from kdeinit as this is an efficiency mechanism to ensure that libraries commonly shared between applications are prelinked in and do not have to be relinked at runtime.