I quit using Fedora a couple of years ago, largely because I felt as though I was being used as an SELinux guinea pig. I spent days and says trying to work around selinux problems, until I eventually just turned it off. I'm not a professional sysadmin, but I know many of them who think SELinux is still just not workable enough for actual production systems. I just installed the release version of RedHat 6 and wanted to use mediawiki and a couple of other CGI php programs. All of those programs that require email capability via sendmail/postfix do not work with SELINUX turned on. Some programs are nice enough to pop up a "sendmail failed" message, but not all. type=USER_CMD msg=audit(1293752457.837:246): user pid=4383 uid=0 auid=500 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/var/www/mediawiki116" cmd=2F62696E2F7669204C6F63616C53657474696E67732E706870 terminal=pts/4 res=success' type=AVC msg=audit(1293752692.348:247): avc: denied { search } for pid=4583 comm="sendmail" name="postfix" dev=sda2 ino=150564 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir type=SYSCALL msg=audit(1293752692.348:247): arch=c000003e syscall=80 success=no exit=-13 a0=7f44c0011cc0 a1=7f44c0013a00 a2=7f44c001827d a3=7fff104b7710 items=0 ppid=4410 pid=4583 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=9 comm="sendmail" exe="/usr/sbin/sendmail.postfix" subj=unconfined_u:system_r:httpd_t:s0 key=(null) It is a known bugzilla, there's supposed to be some fix in the way, but it has turned into such a big hassle for us here that we've turned selinux down to PERMISSIVE mode, just so things will work. SELINUX generates such a massive amount of output in /var/log/audit that I would never be able to notice what fails and what doesnt, some programs silently die with SELINUX rejects them. For example, I created a bunch of accounts in mediawiki that require email confirmation. Use of sendmail was rejected, (silently), and so the users's can't log in. Grrr. -- Paul E. Johnson Professor, Political Science 1541 Lilac Lane, Room 504 University of Kansas _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos