On 12/8/10 4:22 AM, David Sommerseth wrote: > On 30/11/10 03:52, cpolish at surewest.net wrote: >> Christopher Chan wrote: >>> Les Mikesell wrote: > [...snip...] >>> As was already mentioned in another post, run in permissive mode, for a >>> few days if you must, and go through all the things the software does >>> and voila! setroubleshoot and/or logs tell you what needs doing. >> >> Very optimistic, that. In my shop, some things run annually. >> A comprehensive system test = production, for a year. Just >> this morning a 1099 (annual tax-form) script failed in test. > > So you would rather disable SELinux completely - 365 days a year, rather > than to switch to permissive mode when running this script once a year? > > I'm sorry, but I'm not able follow that logic. In our case if something fails once a year we lose customers and money. I'd expect that to be fairly common. -- Les Mikesell lesmikesell at gmail.com