[CentOS] Defaults of CentOS Install not working with SELinux

Thu Apr 30 17:44:52 UTC 2009
Lanny Marcus <lmmailinglists at gmail.com>

On Thu, Apr 30, 2009 at 9:07 AM, Dan Roberts <dan at jlazyh.com> wrote:
> Following a hard drive corruption I have reinstalled the latest version of
> CentOS and all current patch files.
> For most applications I selected the default options.  By doing this I
> expected that the packages would play nice with one another and I could
> customize as necessary.
> Setting SELinux to enforce I encountered all sorts of problems - but most
> were resolvable, save for Dovecot, Procmail (for spamc), and an odd one
<snip>
> take on making a local policy module I am quickly getting lost .   The
> option to simply disable SElinux with respect to Apache, Dovecote or
> anything else is suggested - but not something I see in the GUI window, and
> I have not figured out how to do it from the command line.

Disabling SELinux is *not* recommended, by those who know, on this
mailing list and in other places.  Maybe drop it down from "Enforcing"
to Permissive, until you get it configured properly.

You might want to go to <http://www.nsa.gov/> and download the .pdf
version of their manual about hardening RHEL 5. Look for the December
20, 2007 version. On page 42, they begin discussing SELinux and how to
configure/troubleshoot it. "Guide to the Secure Configuration of Red
Hat Enterprise Linux 5". HTH and GL