On Tue, Nov 24, 2009 at 11:18 AM, Graham Stewart <[log in to unmask]> wrote: > We run many Library / web / database applications on RedHat servers with > SELinux enabled. Sometimes it takes a bit of investigation and horsing > around but I haven't yet found a situation where it had to be disabled. > setsebool and chcon can solve most problems and SELinux is an excellent > enhancement to standard filesystem and ACL security. Agreed that SELinux is useful but it is a tee-otal pain in the keister if you're ignorantly working against it because you didn't actually know it was there. It's sort of the perfect embodiment between the disconnect between the developer and the sysadmin. And, if this sort of tension interests you, vote for Bess Sadler's presentation at Code4lib 2010: "Vampires vs. Werewolves: Ending the War Between Developers and Sysadmins with Puppet" and anything else that interests you. http://vote.code4lib.org/election/index/13 -Ross "Bringin' it on home" Singer.