On 30/11/10 03:52, cpolish@xxxxxxxxxxxx wrote: > Christopher Chan wrote: >> Les Mikesell wrote: [...snip...] >> As was already mentioned in another post, run in permissive mode, for a >> few days if you must, and go through all the things the software does >> and voila! setroubleshoot and/or logs tell you what needs doing. > > Very optimistic, that. In my shop, some things run annually. > A comprehensive system test = production, for a year. Just > this morning a 1099 (annual tax-form) script failed in test. So you would rather disable SELinux completely - 365 days a year, rather than to switch to permissive mode when running this script once a year? I'm sorry, but I'm not able follow that logic. In fact after running successfully in permissive mode once, you should be able to figure out what your script does, use audit2allow and get a proper SELinux module for it ready in the matter of minutes or hours (depending on how invasive the script is). kind regards, David Sommerseth _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos