On Mon, 2005-09-12 at 20:49 -0400, Peter Arremann wrote: > On Monday 12 September 2005 20:45, Daniel Vogel wrote: > > [snip snip] > > > > >The default SELinux policy for tftpd does not support upload, so > > >that<br>>could be the issue if you're >running SELinux. > > > > So, again... whats the point of selinux? > > I have disabled it to make my machine work properly. When it was working > > many things didn't run. > > > > I just still can't find the utility of it. > Security always comes at the price of userfriendlyness. If you have a system > that is used for development, as a desktop or a test machine I've not found > much use for it either. If you on the other hand run a system as a server > with a workload that does not change often (i.e. running the same app over > and over again by different users) it gives you an additional layer of > security. I run SELinux on all my boxes, including my desktop. It's not a big hassle because the default targeted policy is aimed at the daemons, leaving normal user operations running unconfined. If you can get the daemons sorted out so that the SELinux policy matches the way you are using them, it doesn't get in the way. Daniel's issue is that he is using the tftp daemon in a way not currently covered by policy. He doesn't appear to have the patience to either tweak the policy to make it work for the way he's using the system, or to raise the issue on the selinux list or in bugzilla. So SELinux is not likely to get any better for him unless someone else has the same issues and works them through, getting the necessary changes made so that everyone benefits. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>