On Mon, 2007-06-18 at 15:26 -0600, Stephen John Smoogen wrote:
I am sorry, but while I believe that it was meant in jest...
Yes, it was a slight reference to a message from a few days ago.
the core of the problem is that turning it off is the default answer from too many people who have no idea why an application isnt working.
Yes. There are many CentOS-oriented howtos out there that recommend turning off SELinux as their first step, where it is unnecessary for such configuration. It is better to teach people about security in such articles, than to recommend turning off SELinux defacto.
I agree with you (Stephen Harris) that it is not always necessary to have SELinux enabled. But there was a tendency on various lists that started with the non-modular SELinux policy (which is admittedly, much more of a pain to modify) to recommend users to turn of SELinux. I'd like to see things happen the other way around, where people keep it enabled, unless there is a good (informed) reason to so.
It was not my intention to imply that you haven't disabled SELinux for a good reason. I reacted to your message, because it may give some people bad ideas (like turning off SELinux when Xen doesn't work, because they haven't set the correct context for images).
-- Daniel