[CentOS] selinux on/off percentage

Mon Apr 2 15:52:43 UTC 2012
Lamar Owen <lowen at pari.edu>

On Monday, April 02, 2012 11:27:54 AM John Doe wrote:
> ...self-compiled...

As Jamie Hyneman would say, "well, there's your problem."

Having said that, I run Plone on a few sites, and the only way to run Plone reliably on CentOS is to use the Plone-distributed unified installer, which compiles its own version of python, amongst other things.  It took very little time to get that to run properly with CentOS 6.2 and the standard VirtualHostMonster proxy technique through apache httpd (couple of SELinux booleans and proper contexts on /opt/Plone/*).  It took longer to set up the firewall rules than it did to set the SELinux boolean (since I needed WebDAV and remote client access to the ZEO server).  That's with the targeted policy; with the strict policy it would be more difficult.

The standard first step when something isn't working right is to make sure the contexts are correct; a relabel with restorecon -R -r on that tree is the first step, and beyond that a complete filesystem relabel (easy-peasy way: touch /.autorelabel and reboot (something you can do when the next kernel update comes down the update pipe)).  The Samsung Unified Drivers for their multifunction printer devices fall into the category of being challenging; but now I know that to get it to work I just have to relabel /usr.  No biggie.  (The Samsung drivers are a story unto themselves!)

And once you've done it for a particular app, document and/or script it so you can do it again more quickly (and give back to the community that makes all this possible by putting it on the CentOS wiki or somewhere).

The first time I tracked down some 'mysterious' SELinux bad mojo took a while (much like the first time I tracked down some firewall nonsense for H.323 NAT traversal across cisco!).  The next time it didn't take as long.
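A small model of the "check the contexts first" step above, added here as example code (not from the list thread or from any SELinux tool): it answers the same question `restorecon -Rnv` would for an /opt/Plone tree, using a constructed file_contexts fragment and a constructed `ls -Z` snapshot. It assumes libselinux's rule that the last matching file_contexts entry wins and restorecon's default of resetting only the type field (not the user/role) unless -F is given.

```python
import re

# Constructed file_contexts-style fragment (not the real targeted policy):
# "<anchored regex>  [file type]  <context>". libselinux applies the LAST matching
# entry, so the more specific var and var/log rules override the /opt/Plone rule.
FILE_CONTEXTS = """
/opt/Plone(/.*)?                     system_u:object_r:usr_t:s0
/opt/Plone/zeocluster/var(/.*)?      system_u:object_r:var_t:s0
/opt/Plone/zeocluster/var/log(/.*)?  system_u:object_r:var_log_t:s0
"""

# Constructed `ls -Z`-style snapshot of the tree as it is on disk: path -> current context.
ON_DISK = {
    "/opt/Plone/zeocluster/bin/instance":            "system_u:object_r:usr_t:s0",
    "/opt/Plone/zeocluster/var/log/instance.log":    "system_u:object_r:var_log_t:s0",
    "/opt/Plone/zeocluster/var/filestorage/Data.fs": "unconfined_u:object_r:usr_t:s0",      # wrong type
    "/opt/Plone/buildout-cache":                     "unconfined_u:object_r:home_root_t:s0",  # copied from a home dir
}

def parse_file_contexts(text):
    """Return [(compiled regex, context)] in file order; '<<none>>' entries are skipped."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()          # regex [type] context
        if fields[-1] == "<<none>>":
            continue
        specs.append((re.compile("^" + fields[0] + "$"), fields[-1]))
    return specs

def expected_type(specs, path):
    """Type field (third colon-separated part) of the last matching spec, or None if unmanaged."""
    for regex, ctx in reversed(specs):
        if regex.match(path):
            return ctx.split(":")[2]
    return None

def mislabeled(specs, listing):
    """Files restorecon (without -F) would reset: current type differs from the expected type."""
    out = {}
    for path, ctx in sorted(listing.items()):
        want = expected_type(specs, path)
        have = ctx.split(":")[2]
        if want is not None and want != have:
            out[path] = (have, want)
    return out

if __name__ == "__main__":
    for path, (have, want) in mislabeled(parse_file_contexts(FILE_CONTEXTS), ON_DISK).items():
        print(f"{path}: {have} -> {want}")
```

Only the two files whose type field disagrees with the policy are reported; the differing user field on Data.fs (unconfined_u vs system_u) is ignored, as a plain restorecon would ignore it.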