On Thu, 3 Jan 2008 13:29:18 -0800 "Ed Swierk" wrote:
Since someone asked, here's my little SELinux rant:
[ ...rant truncated... :-) ]
For me learning SELinux seems as pointless as trying to remember iptables commands, or AFS trivia back when I was a student--all cause me trouble just infrequently enough to ensure I have to relearn them from scratch every time. If I were a full-time sysadmin of course it would be a different story, but I really don't have the brain cycles to remember anything more complicated than chmod and chown, and I suspect a large number of accidental sysadmins feel the same.
I run into similar problems every time I've tried to enable SELinux. I now run it in "permissive" mode on most of my machines and watch the occasional warnings appear in /var/log/messages.
But I think the situation is improving since I'm seeing fewer warnings in F8 than with F7 or FC6. And you can install the "sealert" packages:
setroubleshoot.noarch setroubleshoot-plugins.noarch setroubleshoot-server.noarch
which provide much more detailed and helpful diagnostic messages.
Ed