What's special about SELinux

Chuck Forsberg WA7KGX N2469R caf at omen.com
Sat Dec 27 23:22:23 UTC 2008


I tried configuring Linux so Apache wouldn't have to look
outside /var/www for any of its data.   I arranged the HD with
a separate partition for /var/www so Apache/SELinux would
be happy with its own little sandbox.  The installation failed.
Apparently Anaconda couldn't hack /var/www being on its
own file system.  So, back to the usual disk arrangement.

I installed Fedora 10 and immediately ran the updates,
all 770 MB of them, before doing anything else.  With
the storms in the west nobody seemed to miss omen.com
being down over Christmas.

With the up-to-date system, Apache would fail at line
280 on its init script insisting that the document root
had to be a directory.  I checked the syntax, directory
perms et al. but no joy.  I didn't see an SELinux denial
popup.  Apache just thought its document root directory
wasn't a directory.  

Disabling SELinux made it all better.

There is something special about SELinux that makes it
such an issue for me and others in similar situations.
To adequately test Fedora before deploying it would
require a separate local network and a separate ISP
connection.  This is not a viable solution for many.

As a result, problems such as SELinux and Apache crop
up when a system is being brought online when downtime
to mess with the mess is not available in abundance.  The
necessary solution is to disable SELinux and hope the
next iteration will be ready for prime time.

If BSD is secure without SELinux, why not Fedora?

-- 
Chuck Forsberg    caf at omen.com   www.omen.com   503-614-0430
Developer of Industrial ZMODEM(Tm) for Embedded Applications
  Omen Technology Inc      "The High Reliability Software"
10255 NW Old Cornelius Pass Portland OR 97231   FAX 629-0665



