On 05/10/2016 12:08 PM, m.roth at 5-cent.us wrote: > Which assumes that setting selinux to enforcing doesn't break your > websites, or the locally-created root directories that have been created > before an actual sysadmin came onboard, or.... > That's my biggest problem with SELinux. I suppose at some point I need to invest both time and money and take a class on it, but every time I try to use it - it gets in the way and when I try to resolve it, the documentation is very confusing and I think the documentation often makes assumptions about concepts being known that I don't know. I know that it can be a significant benefit when you are attacked with an exploit that either is either zero-day or hasn't been patched, but so far when I have tried enabling SELinux it ends up taking up hours and hours and hours of my time. And sometimes the problems are things like tmpfs - I don't remember exactly what it was, but I had an issue where when I finally got help, the answer was don't use tmpfs if you have SELinux enabled. I want to use it, I do, but so far it has only caused me grief.