"Mark Travis" <marktrav@bellsouth.net> writes:
> Tom, I owe you bigtime. That was exactly the problem. I would remove selinux
> from my machine if I wasn't worried that it wasn't actually protecting me
> from the outside world. I had problems installing OpenGroupware as well with
> selinux, but I thought I had them resolved. I bet it got overwritten on an
> update cycle.
selinux is definitely still a work-in-progress. I think eventually it
will be a great security tool, but right now it's a real PITA to work
with --- they're a long way from having all the rough edges filed down,
in terms of writing a policy that will allow standard daemons to do
what they've traditionally done. I have to take some of the blame here,
because I should have done more testing while FC3 was still internal to
Red Hat. I did not realize how invasive selinux really is :-(
regards, tom lane
