Bill Davidsen <davidsen@xxxxxxx> writes: > That's a bit like asking how to turn off the burglar alarm so > break-ins won't be so noisy. The correct question is how to set > attributes correctly so google earth will run, and the answer may be > in the SElinux report, as it often is. Real the report and see if it > gives you a command to run which solves the problem. ;-) Good analogy, extra style points for making one feel guilty for turning off something that sounds like it should be a good thing to have on in general. Each distribution, since I think FC4, I've tried to run selinux and after a short time decided it simply wasn't worth the trouble. On anything more complicated than a client-only, stand-alone system, I'd get low-probability failures creeping out of the woodwork forever. Selinux as currently delivered is a better DOS than any outside attacker has ever inflicted on WSRCC in the one and a half dozen years it has been on the net. (Now, I obviously still believe in chrooted, internet-faceing programs run as powerless per-daemon users, and I'm a firm stickler in no non-RSA/DSA remote logins. I just don't like my own system DOS-ing me randomly.) This time on F10 selinux lasted exactly 15 minutes. The first time I tried to log in as an NFS automounted user, I realized that things have gotten worse in terms of working for me out of the box. Sure I could fight the issue and use the selinux tools to adjust the permissions, but why bother, it is clear this hasn't been well tested and using selinux will be an uphill battle with a pre-alpha quality permissions database that I'll essentially be maintaining on my own. I strongly suspect that Red Hat doesn't run with selinux enabled on their corporate machines. From how rickety everything still is, it just doesn't feel like they eat their own dog-food. How can NFS-ed home directories possibly not work if they did? Folks from RH are of course encouraged to tell me how wrong I am. -wolfgang -- Wolfgang S. Rupprecht http://www.full-steam.org/ (ipv6-only) You may need to config 6to4 to see the above pages. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines