On Fri, Jul 12, 2013 at 02:38:33PM -0400, Drew from Zhrodague wrote: > > It is an excellent solution for those of us who want our stuff to > work, without having to fight with SELinux. I always disable > SELinux.
Again, not a solution. Management of selinux is trivial these days with a wealth of information to assist in doing so available at your fingertips on the web. This type of behavior is dangerous and admins should be ashamed that they believe this to be a 'solution'; learn to use the tools available: setenforce 0 # drop to permissive load_policy # create reset point to assist in isolation of avcs # go through all motions to trigger all actions that need to be allowed audit2allow -M $module_name -l -i /var/log/audit/audit.log # build module setenforce 1 # restore enforcing less $module_name.te # inspect the module, salt to taste semodule -v -i $module_name.pp # load it profit $module_name is an arbitrary name of your choosing. Full documentation is available for everything above. John -- "Worry never robs tomorrow of its sorrow, it only saps today of its joy." ~~ Leo Buscaglia
pgpg6KJmB9tbM.pgp
Description: PGP signature