On Sat, Dec 27, 2008 at 5:22 PM, Chuck Forsberg WA7KGX N2469R <caf@xxxxxxxx> wrote: > I tried configuring Linux so Apache wouldn't have to look > outside /var/www for any of its data. I arranged the HD with > a separate partition for /var/www so Apache/SElinux would > be happy with its own little sandbox. The installation failed. > Apparently Anaconda couldn't hack /var/www being on its > own file system. So, back to the usual disk arrangement. > > I installed Fedora 10 and immediately ran the updates, > all 770 MB of them, before doing anything else. With > the storms in the west nobody seemed to miss omen.com > being down over Christmas. > > With the up to date system, Apache would fail at line > 280 on its init script insisting that the document root > had to be a directory. I checked the syntax, directory > perms et al but no joy. I didn't see an SElinux denial > popup. Apache just thought its document root directory > wasn't a directory. > Disabling SElinux made it all better. > > There is something special about SElinux that makes it > such an issue for me and others in similar situations. > To adequately test Fedora before deploying it would > require a separate local network and a separate ISP > connection. This is not a viable solution for many. > > As a result, problems such as SElinux and Apache crop > up when a system is being brought online when downtime > to mess with the mess is not available in abundance. The > necessary solution is to disable SElinux and hope the > next iteration will be ready for prime time. > > If BSD is secure without SElinux, why not Fedora? Consider how many people use SELinux especially when serving HTTP. Maybe in FC2/3 it was a bit troublesome. But at this stage of development, you really shouldn't have enough problems with SELinux and Apache to warrant an email. -- Fedora 9 : sulphur is good for the skin ( www.pembo13.com ) -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
