Hello. I am an applications developer with an interest in building secure systems. As a former practicing pathologist, I believe I have a good set of "clues" for developing a comprehensive accessioning and reporting application for pathologists. This will necessarily use a database server, plus database clients who might connect either on the same machine or on different machines perhaps even on different sites. That means that the database server must be exposed to the public Internet, though I can certainly use iptables to limit access to a single recommended port. Obviously I'm considering SELinux as the base operating system for the database server, and perhaps also for database client systems. Next week I hope to have a new, experimental box on which I plan to install Fedora Core 3 Test 3 (one test away from general release; how buggy can it really be?) with SELinux switched on, in permissive mode to start with, and hopefully to proceed to full enforcement mode. Is there anything I need to know, beyond what I can glean from Fedora's FAQ or the NSA's FAQ? Is the NSA's document on how to write SELinux policies the best place to get started? What do I need to consider when building and running a new application in an SELinux environment? Those of you out there running SELinux in enforcement mode--do you have any insights you can share with me? Thanks in advance. Temlakos
