On Tue, 2010-05-25 at 21:27 -0400, Whit Blauvelt wrote: > But if someone can tell me why selinux thinks it's sane to block > "/etc/init.d/smb start" while leaving "sh /etc/init.d/smb start" and even > /some/random/dir/smb start" wide open ... I just can't believe some happy > hacker at NSA thought that would count as a security scheme. Really, I'd > like to know how this is supposed to be useful. ---- It had good reason to because you did inhereitly edit it as shown by the previous rpm -V. I say you will have more SEL problems if you do not do a full relabel on boot. You really need selinux for samba to prevent buffer overflows. That is how it is usefull. John