-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/10/14 14:23, Daniel Watson wrote: > PS. LAX is fixed, stupid selinux who needs it :D > Well, it's a free world, so you can do whatever you want to ... But my advice (and same for all people within CentOS) is to use selinux everywhere. It's really not hard and we run selinux all those nodes behind msync/mirror.centos.org (and everywhere else) Let's not start a thread about selinux here, (as it's the centos-mirror list) but feel free to join the main one to discuss that if you want to. Just the last ShellShock issue from last week would suffice to have selinux in enforcing mode everywhere you can (while it didn't stop it, it contained more than without as a simple example) I use that sentence when I give my "configuring selinux with your cfgmgmt tool - puppet and ansible covered" talk : "Security is a chain : it's only as secure as the weakest link" ;-) - -- Fabian Arrotin gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQtTM0ACgkQnVkHo1a+xU77lQCfTZuGGVIynmSrJ+nxgNI+hBlH YpoAn3pkS/y5WP+dHHbf07RubmIju/cS =RYIZ -----END PGP SIGNATURE-----