[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Jerry Franz jfranz at freerun.com
Thu May 27 16:33:41 UTC 2010


On 05/27/2010 08:51 AM, Gordon Messmer wrote:
> On 05/27/2010 05:55 AM, Jerry Franz wrote:
>    
>> I have *twenty* virtual machines I deploy updates to before it ever
>> touches my production systems. Not everything is testable on
>> non-production machines.
>>      
> ...
>    
>> Now back to fixing the SELinux configuration on a machine I had to put
>> in 'permissive' mode a few weeks ago because the last round of SELinux
>> updates broke the web server's ability to open its own log files.
>>      
> That sounds like the sort of thing that you'd have noticed if you'd
> applied the update and started the service on a test host before production.
>    

I have finite resources.

If I had junior admins who could spend weeks doing testing of every 
update before deployment, twice as many physical machines as I now have 
so I could deploy dozens of VMs _just for testing updates_ (and let's 
not even begin to discuss the non-virtualizable machines such as the 
backups storage servers) , an extra co-location rack to put those 
additional servers in, and the budget to fix any emergent SELinux 
breakage, then, yeah, that would work. At a net cost several times 
higher than my current budget.

Or I can turn off SELinux on most of my systems and not get my systems 
gratuitously broken every few to several months by SELinux policy 
updates. For my current budget.

Hmmm.... What to do... What to do....

-- 
Benjamin Franz



More information about the CentOS mailing list