Russ herrold wrote: >> Quick question: do I really "need" to install the setools/setroubleshoot >> packages or can I live without them? They want to install 80 packages >> (gnome stuff, gstreamer, gtk, tcl/tk...) and I would like to avoid installing >> all sort of graphical tools/libs on my lean servers. >> Can I just install setools-console by example? > What does experiemntation with yum in a testing mode indicate > with the packageset on your box - dependency trees have an > effectively infinite number of permutations My question was more "do I really need this package to work with selinux?" I installed setools-console and so far it seems enough... So, can I skip setroubleshoot? >> If you know a must-have "selinux for dummies" like howto, apart from >> Redhat/Fedora doc or CentOS wiki > What is wrong with the article at: > http://wiki.centos.org/HowTos/SELinux Nothing wrong; I already read it, and will read the redhat doc... Just looking for all the doc I can find on the subject. And maybe also for the hidden secret magic button that will auto-write the hundreds custom policies we will need... Creating a custom policy for an apache to use a non standard rootdir or port seems indeed easy with audit2allow... But several of our servers are more or less 10% standard (rpm based) and 90% custom, with dozens of apps/scripts listening on dozens non standard ports, sockets, accessing many files here and there... So the task is a bit daunting. Thx, JD PS: Any one found/made a Zimbra policy module? ^_^