On Sat, Nov 27, 2010 at 03:29:49AM +0200, Eero Volotinen wrote: > > Usually it causes more problems. If you have unlimited resources to tune it up, > then it possibly helps on the way. Only if you don't bother to take the time to read any of the resources I previously provided or any of the other SElinux resources available on the 'net. SElinux is not brain surgery; spend some time with the documentation and you'll be surprised at how easily it all comes together after a while. Telling people to disable it is not only foolish but completely irresponsible; doubly so in a medium that exists to support users. If the best avenue was to disable it do you honestly think that upstream would enable it by default? This is 2010 - people are expected to actually make an effort at learning the systems they so casually throw up on the 'net and to take responsibility for those systems. Every time a box gets compromised it can pose a risk to the rest of us; please be mature and responsible enough to make it as difficult as possible to permit such a compromise in the first place. John -- Live a good life. If there are gods and they are just, they will not care how devout you have been, but will welcome you based on the virtues you have lived by. If there are gods, but unjust, then you should not want to worship them. If there are no gods, then you will be gone, but will have lived a noble life that will live on in the memories of your loved ones. -- Marcus Aurelius (121-180), philosopher and writer -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20101126/89f2c56a/attachment-0005.sig>