[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Wed May 26 15:57:25 UTC 2010
Lars Hecking <lhecking at users.sourceforge.net>

> The *theoretical* system security improvement of SELinux is trumped by 
> the *practical* observation that I have had existing systems broken by 
> SELinux multiple times on the mere handful of systems I have run it on 
> in enforcing mode,  but have yet to see a single one of several dozen 
> (all internet exposed) up-to-date *non*-SELinux systems hacked.
> 
> It is a 'safety' feature that is in practice more dangerous to system 
> stability than what it is trying to fix. It is like having air bags in 
> your car that go off at random times while you are driving: It is NOT 
> acceptable behavior.
 
 Under CentOS 5.5, and I presume RHEL5.5 too, there is a small improvement
 in the shape of setroubleshoot-server, it at least gives you improved
 troubleshooting capabilities.

 Not that it helps when you upgrade a 5.4 machine to 5.5 and you get no
 selinux logging whatsoever because setroubleshoot-server wasn't installed
 during the upgrade. Note to self, need to add it to the minimal-kickstart
 configurations.



---------------------------------------------------------------
This message and any attachments may contain Cypress (or its
subsidiaries) confidential information. If it has been received
in error, please advise the sender and immediately delete this
message.
---------------------------------------------------------------