On Tue, Jul 10, 2012 at 6:35 AM, Nico Kadel-Garcia <[log in to unmask]> wrote: > > You might also consider disabling SELinux, if the machine is behind > reasonable firewalls. SELinux has been a *disaster* in system > security, costing far more wasted productivity and engineering > resources than many of active worms or attack vectors of the Linux > world, most of which it does not really help with. (Bad PHP is bad > PHP, and SELinux does not necessarily help at all.) > let's agree to disagree on this one :-) I have not had major issues since ... fedora 8? It is true that selinux is a new tool and thus not so well understood by plenty of people, but I quite like it. It is quite simple once you take the time to learn it (like everything in life) and we routinely deploy settings from cfengine for it. -- groet, natxo