SELinux Attack!

Gordon Messmer yinyang at eburg.com
Fri Oct 12 23:14:09 UTC 2007


Karl Larsen wrote:
>    This morning I started the computer and it stopped for 10 minutes 
> because it could not find cups. It talked about applying iptables but 
> had "never matched protocol" and when it finally came up Thunderbird 
> was broken.

As others have pointed out, this seems much more like a DNS problem than 
an SELinux problem.  The clearest indicator that the problem was not 
SELinux is that SELinux is a security system; if it denies some access, 
it will continue to deny that access.  When SELinux is a problem, 
programs won't take longer to function, they will fail immediately.

While your problem seems to be solved, and you believe that changing 
SELinux was the solution, I think it's unlikely that SELinux was the 
only knob you frobbed to fix your system.

If you want to see whether or not SELinux may be causing problems, all 
you need to do is this:

# getenforce
Permissive

If the "getenforce" program reports "Permissive", then SELinux is in a 
state where it will *log* what it would have done if it were enforcing, 
but will not and can not create problems for your system.  "Disabled", 
obviously, also can not cause problems.

After checking your SELinux settings, you should have checked resolution 
of your hostname.  To do this, start by establishing what your hostname is:

# hostname
herald.private.dragonsdawn.net

Then make sure that hostname can be resolved, either by the hosts file 
or DNS:

# getent hosts `hostname`
192.168.1.6     herald.private.dragonsdawn.net

If you get an error from "getent", then you need to make sure that your 
hostname can be resolved.  You can do this by listing it in /etc/hosts, 
or by setting up the name in DNS.
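
The checks described in the message above, combined into one triage script. This is an added example, not part of the original post; the function names are hypothetical, and treating a host without getenforce as "Disabled" is an assumption.

```shell
#!/bin/sh
# Added example: decide whether SELinux or hostname resolution is the
# likelier culprit, using the same getenforce / hostname / getent checks.

# Report the SELinux mode. Assumption: no getenforce binary means Disabled.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce 2>/dev/null || echo Disabled
    else
        echo Disabled
    fi
}

# Succeeds only for the one mode that can actually deny access.
selinux_can_block() {
    [ "$1" = "Enforcing" ]
}

# Succeeds when the name resolves via the hosts file or DNS (NSS order).
name_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Print a one-line verdict for a given mode and hostname.
triage() {
    mode=$1
    name=$2
    if selinux_can_block "$mode"; then
        sel="SELinux is Enforcing and may be denying access"
    else
        sel="SELinux is $mode and cannot be blocking anything"
    fi
    if name_resolves "$name"; then
        res="hostname $name resolves"
    else
        res="hostname $name does NOT resolve: add it to /etc/hosts or DNS"
    fi
    echo "$sel; $res"
}

# Check this machine when the script is run.
triage "$(selinux_mode)" "$(hostname 2>/dev/null)"
```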




