On Wed, Dec 14, 2005 at 17:54:53 +0200,
Devrim GUNDUZ <devrim@commandprompt.com> wrote:
> Hi,
>
> On Wed, 2005-12-14 at 10:42 -0500, Tom Lane wrote:
> > > Hmm. Two questions:
> > > - Is SELinux enabled?
> >
> > I think that's the only question you need ;-). And the answer is
> > probably "get a newer version of selinux-policy". Disallowing the
> > postgres executable from writing on /dev/tty was one of the earlier
> > policy mistakes ...
>
> I'm pleased to always disable SELinux :) . I remember to have an
> OpenWebmail problem months ago that drove me crazy, and at last I found
> that it was a SELinux problem.
I like the targetted selinux as that gives you a bit more protection from
unknown (to you) vulnerabilities in services.
Right now the mandatory access is too much of a pain (for me at least) to
use.
