Hi

> It seems pretty good. However, a good defense-in-depth practice is to
> combine several layers of protection. SELinux is a good layer, although
> it creates a lot of complexity which may not be desirable in all
> scenarios.

The complexity comes from the flexibility of Apache. A policy that protects Apache with all of its flexibility but still restricts it is bound to be complicated. You should be able to run Apache under targeted policy pretty easily. If you do have problems, then read the documentation given at

http://fedora.redhat.com/docs/selinux-faq-fc3/

If that does not resolve your particular issue, start a discussion in the Fedora SELinux list.

The question you should be asking yourself when it comes to security is not just why but also why not.

--
Regards,
Rahul Sundaram