Quote:
Originally Posted by nbcohen
I can run setsebool on the command line and it doesn't seem to complain. But then re-running my CMS install brings up the same error.
|
While I am not familiar with the F9 SE Linux policy and don't know the "this machine has a tightened security policy" part, the text points to running 'chcon' on the files the webserver should access. For that you need to know which files need to be accessed and in what way. Checking your syslog and access_log may hold more clues. Checking (error_)logs is good anyway in case you do actually run SE Linux in permissive mode (run 'getenforce' to see mode) and other errors occur.
Quote:
Originally Posted by nbcohen
(Secondary question - is disabling SELinux a bad thing to do??)
|
While running SE Linux makes it look like it's harder to have "fun" with your machine it considerably increases the security posture of your machine. It does work and Real Life examples make it "combat-proven". Next to that a CMS isn't exactly the least vulnerable software around. A lot of times flaws are abused faster than the user updates the software. Next to that you're running F9. Reporting (Fedora bug tracker) any problems running it could help others and so help evolve this distribution. Every Fedora user should help. Taken all into account that makes yours a
primary question to which the answer is "yes". Disabling SE Linux should not be an involuntary reflex or advice given out of laziness, and should only be disabled after reviewing other security measures and on a case by case basis.