> > you can't make a useful argument out of ignorance. You are being religious, and wrong. See below. > If you don't want to use SELinux, then disable it. This is a good idea. Disabling SELinux is the first thing that should be done, since (as this conversation proves plainly) what we don't know CAN hurt us, this is a useful argument arising out of ignorance. > Otherwise, learn to understand how it operates and deal with it. SELinux should (my religion) be disabled by default, and enabled to the degree the victim err administrator understands what to expect when SELinux is enabled, and iff said administrator desires the aforehinted effects. > one certain way to cause issues with SELinux is to copy files > created in other directories or other computers onto another > computer because it will not have the proper security > contexts so the way to fix that is to make sure your policy > files are all up to date and then relabel your file system > which should set the contexts to their proper labels. My religion: 1: Disable SELinux. 2: If you think you need whatever SELinux offers, get a degree in SELinux administration sufficient to understand the ramifications of the (potential) policies. 3: Enable SELinux to the degree needed. I've not yet seen a reason to enable SELinux. Ever. Anywhere. It is *that* badly presented to the administrators who (would) suffer it. It has (for me) broken things that were before working, it has fixed nothing that was before broken, it has been nothing but one more cadre of magicians-of-dubious-value in Pharaoh's Court. ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated**