On Sat, 2004-11-13 at 03:48, john bray wrote: > On Fri, 2004-11-12 at 10:01 -0500, Daniel J Walsh plumb said: > > Steven Stern wrote: > > > > >On Fri, 12 Nov 2004 09:37:21 -0500, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > > > > > > > > > > >>So I would hope that people will work with it and not just turn it off > > >>as soon as they have a problem > > >>with the system. > > >> > > >> > > > > > >I haven't had any problems and assume it's working fine on my system. But how > > >do I know? Will something show up in logwatch if there's something to worry > > >about? What syslog message prefix indicates a SELINUX targeted policy > > >message? > > > > > >(Yes, this is probably in the FAQ, so if you can point me to the right one, > > >I'll go off quiely and read it.) > > > > > > > > You might see some change in behavior of applications and usually AVC > > messages in /var/log/messages. > > > > For the most part you probably will see nothing. > > > > sestatus shows you whether it is running or not. > > > > > > > > ok. i got interested in checking this out. so: > > [root@junior ntp]# grep AVC /var/log/message* > [root@junior ntp]# sestatus > SELinux status: disabled > [root@junior ntp]# > > > i thought that FC3 was defaulting to targeted? this is an upgrade from > FC2 system, BTW. > > what do i have to do now, to get it turned on? John, An earlier poster said it is off by default on upgrades. GUI method: System Settings -> Security Level, SELinux tab, check Enabled and Enforcing, Policy should be Targeted. Command line method: edit /etc/selinux/config. Reboot (its kernel stuff so reboot unfortunately needed). I've got a fresh FC3 installation (not upgrade) and have a PHP application using either PostgreSQL or MySQL. As SELinux documentation indicates it should allow http/PHP to access MySQL I was not surprised that my application did not work with PostgreSQL, but it did not work with MySQL either. If I turn off SELinux then it is fine with either database. I agree SELinux is a good idea (particularly for servers), but I have not yet found good documentation on the details of setting it up (with PostgreSQL in particular), maybe I simply need to look harder. Another previous poster hoped that we would work with SELinux to help it along, and I agree with this, but present time constraints make it so much easier for me to simply work with SELinux disabled. Regards Chris
