On Mon, 30 Aug 2010 13:29:51 +0900, Takehiko Abe wrote: >>> I would advise Patrick to disable Selinux. I've made that decision > >> long ago because it gives me more problems when enabled that I can > >> possibly solve. IMHO the user interface is so bad that selinux is > >> unuseable for an ordinary enduser. Huge rant against SELinux deleted . . . . I've had exactly the opposite experience running SELinux, even with hand- compiled applications from a variety of sources - including my own. I've had some issues with understanding how SELinux works - the latest being not able to pipe output to root's home directory. However, in retrospect, the restriction is good and one that is easy to solve (pipe to /tmp, then mv or cp). The last two nightmare SELinux issues I had were with Songbird and the Mono server that enables Mono on Apache. Both had multiple problems, and to me it's indicative of sloppy coding. I decided not to run those applications. This is probably a wise decision since Songbird for Linux is no more. I've yet to see a satisfactory configuration of Mono and Apache on Linux that doesn't entail disabling SELinux. Since I'm not a .NET or C# fan, I'll happily do without. I think in a home environment the key has been to run in permissive mode. Then you get all of the warnings along with how to fix the problem. An added bonus is that you can submit bug reports about SELinux with the hope of making it better and more seamless. Once you don't get SELinux warnings for a few days, you might think about running in strict mode. The only continuing nag that I have now is NVidia's proprietary driver. Fortunately I have a script I run after building the driver to take care of any lingering SELinux issues. I prefer installing the driver by hand (as well as tweaking xorg.conf and overclocking my graphics card) rather than depending on rpmfusion.org. They provide a fine service (and I use some of their other packages), but I've had no trouble building the stock NVida drivers. . . . . just my two cents. /mde/ -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
