On 1/29/09, Rob Kampen <rkampen at kampensonline.com> wrote: . > Does anyone use SELinux on their work-station i.e. the place where you try > things out, debug things etc?? or is it really only for stable systems where > not many OS changes and new program trials occur? > I know that asterisk doesn't play nice with SELinux, even in permissive mode > it fails to work, and yet this is one area where I would like to have it > work as my phone system is VITAL to my business! > Thanks > Rob We use SELinux on both our workstations and our servers. We run them in permissive mode for a while, do our testing and then switch to enforcing once we have cleared up any denials. Run tests then if it all looks good , put the boxen into production. Audit2allow and other such tools are very useful in creating any policy changes that you require and the selinux mailling lists are helpful as well. The main thing i have been caught out with is when using tftp to transfer configs from our cisco kit to my workstation in that when i touch the file i need to set the correct context for it. Russell Coker's site is a good place for selinux info <http://www.coker.com.au/selinux/> mike