Colin Walters wrote: > On Thu, 2005-06-16 at 03:56 +0200, Bernardo Innocenti wrote: > > >>I also disabled SELinux, mainly because I wasn't willing to >>fix all my services to run properly with the strict policy that >>was initially shipped with FC2. Then I just didn't find the >>time/motivation to turn it on again. Yes, lame me :-) > > > You are aware things have massively changed since FC2? It's > pretty easy to reenable, nowadays just run system-config-securitylevel > then reboot. Yes, I do... but that's quite a complex server, with some custom stuff installed in /usr/local, so I'm afraid I'd have to fiddle with the policy. Some time ago I bought O'Reilly's SELinux book and read through it, but the underlying complexity of SELinux scared me off somewhat. I'm sure I can get it to work properly with my setup, but I'm also afraid it would take too much headaches for initial setup *and* some additional effort when I install new stuff. That said, I'd recommend SELinux for most sites, expecially when they are very popular. -- // Bernardo Innocenti - Develer S.r.l., R&D dept. \X/ http://www.develer.com/ -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list