Tim: >> Be that as it may, it's counterintuitive: Why should we have to set >> permissions in two different ways? Les Mikesell: > If you don't want two different security checks you can disable > SELinux and run the way unix systems have for decades. I have, on one system. But perhaps I should be more explicit: If, *I* set something as world readable, apart from I feel that it ought to do precisely what I just set it as, why cannot the system also be able to set the appropriate SELinux restrictions at the same time? >> If we set something as world >> readable, let the system actually apply that setting (it should also set >> appropriate SELinux restrictions for you). > 'Appropriate' SELinux relate to the process involved, not the files so > this is impossible. I still don't see any reason why something that's world readable also needs further configuration to say "this also means you". World readable ought to mean anybody and anything can read that file. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.