Somebody in the thread at some point said: > Selinux is another layer of security, it isn't a replacement of any > security layers, I see no reason why anyone feels such apparently > hostility to this piece of technology. I can remember how it made me feel in the early days of it, extreme frustration that it was blocking what I was asking to happen. That frustration ended up dumped on selinux because it built up over the minutes looking for what I had managed to do wrong, before finally finding the AVC and putting two and two together and realizing I didn't do anything wrong: *IT* thought it knew better. Simply recognizing that problems with permissions, failure to start services or whatever should first cause a check on /var/log/messages reduced the chance for frustration to build up. That and the fact the targeted policies now really match what "many" people are doing with the services, with almost enough bools to customize it in all the main ways. -Andy
