On Thu, 17 Nov 2005, Lamar Owen wrote: > What is on-topic is the simple fact that CentOS ships with SELinux > on by default; this is the way things are, whether you or I like it > or not. I happen to like it; YMMV. I quite strongly disagree that > the answer to SELinux problems should be 'turn it off' as this is > the lazy way out. That's a bit too declarative for my taste. It certainly could be the lazy way out -- or it could be a sysadmin asking the honest question: is it worth more to my organization *now* for me to spend X hours figuring out SELinux policies or to spend those hours on a different project. You and Lee both have valid points, and I appreciate the discussion. I'd be hard-pressed, however, to deride the admin who chose to install SELinux in permissive mode because s/he made an honest assessment that the time was better spent elsewhere. It could be laziness. It could be priorities. From the cheap seats, that assessment isn't mine to make. As for the machines under my care, most work fine in targeted mode. For now, those few that don't get the permissive treatment because, frankly, I don't have the luxury of telling my executive staff that their priorities need to wait while I solve SELinux policy issues. -- Paul Heinlein <> heinlein at madboa.com <> www.madboa.com