On Friday 23 May 2008 01:46:33 James B. Byrne wrote:
Dealings with SELinux issues typically do not lend themselves to short answers. SELinux is like an onion, each each exception blocks access until resolved. Thus each policy change has to be made individually and then the process retested so that the next impediment evidences itself.
Note that simply overriding what SELinux is prohibiting is not what I am advocating here. Sometimes the problem is that the software needs its file system access expectations trimmed back and that requires filing a bug report with the maintainers. However, in a production environment you normally just have to get things working and what I usually do is weigh what the program is requesting against what I want it to do for me. Often the problem is that the default policy is simply too restrictive. On rare occasions I do actually file a bug report but almost always override the local policy anyway just to get on with the job.
I hope this helps.
Hello James, Thank you very much for the sharing. It's very informative.