----- Original Message ----- From: cpolish@surewest.net
Christopher Chan wrote:
Les Mikesell wrote:
All of the third-party software I run seems to run just fine, as long as the right contexts are applied.
Well, obviously it will work after someone takes the time to make it work. Now it is your turn to quantify: How much would you charge to teach someone to be able to make those changes and how long would it take? This has to include the ability to quickly diagnose and fix any problem that might be caused by updates to the application or to the OS distribution.
As was already mentioned in another post, run in permissive mode, for a few days if you must, and go through all the things the software does and voila! setroubleshoot and/or logs tell you what needs doing.
Very optimistic, that. In my shop, some things run annually. A comprehensive system test = production, for a year. Just this morning a 1099 (annual tax-form) script failed in test.
For some reason, I suspect that these annual stuff would be largely run by hand. Of course, it would be nice if you don't have to get a call for these annual stuff but I do not see that as absolutely so disabling that SELinux has to be disabled.