Running FC3? Had trouble getting Alias working with Apache when pointing outside of /var/www? Three hours of my life got burned up figuring this one out. Story here.
Quoting what you said on the other site: "The Punchline is that Fedora Core includes an entirely separate, parallel security mechanism called SELinux (Security-enhanced Linux), which is configured out-of-the-box to restrict which directories httpd has access to. (Dig through
During the install you must have missed the prompt asking if you want to enable SELinux (or does that only come up when you do a custom install?). It made it pretty clear to me that enabling it would make the install anything but ordinary.
Re:Missed prompt?
dws on 2005-03-26T19:28:59
I'm told that the prompt for SELinux only comes up during a custom install. I've also been chastised for not doing a custom install.
having followed the outgrowth of Fedora Core 3 continually from Red Hat 7.2 onward, I can pretty much deny that Fedora Core 3 sucks.
If anyone had been paying attention, they would certainly have noticed that SELinux was introduced in Fedora Core 2 , coinciding, IIRC, with the inclusion of the 2.6 kernel -- and has little or nothing to do with Fedora Core 2 or 3.
As a matter of fact, Red Hat Magazine wrote about SELinux recently in their November 2004 article.
Fedora Core 3's installer does ask you about SELinux and doesn't just turn it on by default, and there are also boot-options for the kernel line in grub.conf that you can use to test operations as well.
I've only started playing with SELinux myself to learn more about it, but it isn't as if it hasn't been plastered all over the news WRT the 2.6.x kernel. The fact that you, as system administrator, enabled a service with which you were unfamiliar and suffered consequences thereby is far and away NOT the fault of Fedora OR Red Hat. Neither of whom, IMNERHO, suck.
And in case one was unaware of it, the policy rules also see frequent updates as new patches, and scenarios cross the desks of the Fedora maintainers. I commonly see updates to the SELinux policy rules while applying security patches via Yum. This doesn't strike me as the action of people who are unaware of your needs and problems (unless of course you're merely bitching just to bitch, and haven't applied yourself to posting a bug-report to bugzilla.redhat.com in an effort to see Fedora Core improve any.
Re:Fedora Sucks Less.
dws on 2005-03-26T19:45:58
Where did you get the idea that I was a system administrator? And where did you get the idea I was saying that RedHat or Fedora suck? I didn't say either. I'm quite happy with Fedora on the whole, other than feeling ambushed by a "feature" that causes such cryptic failures if you try to color outside the lines. Every system has its rough edges.
For a Sysadmin to install Fedora without knowing about SELinux would border on criminal. But if you're coming at it as a developer who needs a platform for Apache, and you need to get off of RH9, SELinux barely gets mentioned. It's not talked about in the places where developers get together to talk, and none of the Apache books that I've seen mention it. Try super searching for "selinux" on Perlmonks, for example.
