As far as I could determine, dokuwiki was not in the repository, though it does seem to have been in the past. "yum install dokuwiki" says it isn't available, though I certainly agree that install from package is the right way to go and have the SELinux settings adjusted that way. I also don't think there was a deliberate inclusion of SELinux by uOttawa Telfer folk -- it's there in the Centos download. To explore the issue I got the iso and installed it in VirtualBox and SELinux was "enforcing" by default. I don't disagree with this, but a bit of hand holding would be welcome for someone of the Debian religion. It may or may not be important, but I find both the Telfer VM and my local VBox Centos machines to be painfully slow compared to Linux Mint, which itself seems a bit slow compared to CrunchBang or Lubuntu. Just an observation. We all like things quick. JN On 15-04-22 01:50 PM, Allan Fields wrote: > With discussion on the SE/Linux and restoring file context on site PHP > files when in enforcing mode.. > > One thing I couldn't help thinking and tempted to comment on is: the admin > should not have to do that by default, when you have a properly package RPM > file. > > Did you try from the RPM? > > I was not privy of Docuwiki install is by tarball or RPM. But in new RedHat > EL with targeted policy you can enforce per service and have it add > required context during installation. > > So in modern CentOS at least, this should be a non issue if using RPM. > Unless the packager has made a mistake and omit file context in RPM spec > file header. This might be a bugzilla/feature request item then. > > What I am not clear on is if this works in enforcing mode or not. It's good > of the people at U of O to keep the secure defaults, even despite potential > disgruntled users of the image. Because if only to raise awareness of this > important Linux pedagogical subject in the user community. The risk is > people saying: Linux is a hassle with all this SELinux or the limes and > switching to another EXE based installer platform. Not true. > > There should be a linked FAQ that suggests they use Se/Linux enabled > software install or as on this list, follow guidance sealert. Myself, I > claim not expertise, but rather have seen any sites force it to permissive, > to avoid hassle upfront. > > There is also in LPIC-1 and RHCE guides, detailing of which default > contexts apply to the httpd. But as usual, not nearly the required time to > tinker with it all. > > They should keep it default enforcing or at least consider "targeted" mode. > Might get less support calls to IT, if they use targeted. > > > [1] SELinux faq - "If the policy shipping with an application package > changes in a way that requires relabeling, will RPM handle relabeling the > files owned by the package?" > > https://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3202962 > > > [2] Centos 6 rpm package: docuwiki > > http://rpm.pbone.net/index.php3/stat/4/idpl/23718441/dir/centos_6/com/dokuwiki-2011.05.25a-10.3.noarch.rpm.html > > > Thanks, > Allan ("Out Here") Fields > _______________________________________________ > Linux mailing list > Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > http://oclug.on.ca/mailman/listinfo/linux >