On Wed, 2007-05-09 at 12:39 -0600, Richard Megginson wrote:
Karl MacMillan wrote:
> On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote:
>
>> Karl MacMillan wrote:
>>
>>> The page
http://directory.fedoraproject.org/wiki/Install_Guide suggests
>>> putting selinux into permissive mode. Why? I've not seen any problems
>>> running the directory server under enforcing (either fedora-ds-base from
>>> extras or the full install).
>>>
>> Without looking I suspect it is because the newer packages fit into the
>> filesystem better so are probably covered by existing SELinux rules.
>> When it was installed in /opt/fedora-ds alone there was no security
>> context covering it.
>>
>>
>
> Installing into /opt of a recent rawhide showed no problems. Even if it
> was a problem it would have been a _very_ easy fix either in the policy
> package or the directory server packages.
>
Try RHEL4. I know Dan Walsh did a lot of work to write SELinux policies
for DS in FC5 or 6, which are also in rawhide.
Do you have a test environment on RHEL 4 I can access - I don't have one
quickly available.
Thanks - Karl
>
>> It probably heavily depends on which release you're installing it onto
>> as well.
>>
>>
>
> I think that we need to work to resolve any issues and remove that
> suggestion. At the very least it needs to specify specific OS and
> directory server releases.
>
Definitely.
> That blanket statement is very harmful and unnecessary.
>
> I'll be happy to help you resolve any issues - just give me the specific
> problems that you are seeing.
>
> Karl
>
> --
> Fedora-directory-devel mailing list
> Fedora-directory-devel(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>
--
Fedora-directory-devel mailing list
Fedora-directory-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-devel