[Fedora-directory-devel] SELinux and directory server
Karl MacMillan
kmacmill at redhat.com
Wed May 9 18:20:14 UTC 2007
On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote:
> Karl MacMillan wrote:
> > The page http://directory.fedoraproject.org/wiki/Install_Guide suggests
> > putting selinux into permissive mode. Why? I've not seen any problems
> > running the directory server under enforcing (either fedora-ds-base from
> > extras or the full install).
>
> Without looking I suspect it is because the newer packages fit into the
> filesystem better so are probably covered by existing SELinux rules.
> When it was installed in /opt/fedora-ds alone there was no security
> context covering it.
>
Installing into /opt of a recent rawhide showed no problems. Even if it
was a problem it would have been a _very_ easy fix either in the policy
package or the directory server packages.
> It probably heavily depends on which release you're installing it onto
> as well.
>
I think that we need to work to resolve any issues and remove that
suggestion. At the very least it needs to specify specific OS and
directory server releases.
That blanket statement is very harmful and unnecessary.
I'll be happy to help you resolve any issues - just give me the specific
problems that you are seeing.
Karl
More information about the Fedora-directory-devel
mailing list