[CentOS] Selinux extra packages and compiled apps

Tue Sep 6 13:03:10 UTC 2011
John Doe <jdmls at yahoo.com>

Russ herrold wrote:
>> Quick question: do I really "need" to install the setools/setroubleshoot
>> packages or can I live without them?  They want to install 80 packages
>> (gnome stuff, gstreamer, gtk, tcl/tk...) and I would like to avoid installing
>> all sort of graphical tools/libs on my lean servers.
>> Can I just install setools-console by example?
> What does experiemntation with yum in a testing mode indicate 
> with  the packageset on your box - dependency trees have an 
> effectively infinite number of permutations

My question was more "do I really need this package to work with selinux?"
I installed setools-console and so far it seems enough...
So, can I skip setroubleshoot?

>> If you know a must-have "selinux for dummies" like howto, apart from
>> Redhat/Fedora doc or CentOS wiki
> What is wrong with the article at:
> http://wiki.centos.org/HowTos/SELinux

Nothing wrong; I already read it, and will read the redhat doc...
Just looking for all the doc I can find on the subject.
And maybe also for the hidden secret magic button that will auto-write 
the hundreds custom policies we will need...
Creating a custom policy for an apache to use a non standard rootdir or 
port seems indeed easy with audit2allow...  But several of our servers 
are more or less 10% standard (rpm based) and 90% custom, with dozens 
of apps/scripts listening on dozens non standard ports, sockets, accessing 
many files here and there...
So the task is a bit daunting.

Thx,
JD

PS: Any one found/made a Zimbra policy module?  ^_^