On Thursday, December 09, 2010 11:06 AM, Warren Young wrote: > On 12/8/2010 5:00 PM, Christopher Chan wrote: >> On Thursday, December 09, 2010 05:00 AM, Warren Young wrote: >>> I assume you mean to advocate running updates infrequently, >> >> No, I advocate setting up SELinux properly which will take care of the >> automatic updates. > > That's great if you are wise enough to forsee all problems that an > automatic update can cause. > > I am not that wise. Neither am I. That's why I look at the logs when something goes boom so that I can have it taken care of. > > > Did you miss all the pointers to using semanage so >> that relabels will cover your non-default necessities? And that is not >> just from me too. > > Yes. I will freely admit to not having read everything in this > ponderous thread. :) Let me just say that the pointers I received and implemented have not given me any trouble even though the Moodle box I received from HQ has the mysql db in a non-default location and likewise the content. I, thus, find it rather irksome when people pop up here and say SELinux is a troublesome piece of rubbish that cannot be trusted but in reality they have not got a good enough understanding of the works (and in some cases don't even try to) and so things fell apart. I did not understand SELinux at first either when it first come out but it took just one morning when I really had to get it working. In case I come across as some pompous arrogant ass, let me just say that I only got SELinux running on a Centos box very recently (Sep 2010) and so others are more qualified to advocate SELinux but it sure was NOT rocket science to make sure Moodle and Mysql in areas outside /var/lib/mysql and /var/www/html still worked.