Out out blue, I decided to migrate to the latest Fedora Core 3. So I backed up all the database data and all custom scripts and rebuilt the server last night. One of feature is SELinux (Security Enhanced Linux backed by NSA), so I chose to turn it on. Soon I knew I made a mistake and it’s a nightmare to deal with the complications at its current state. That’s De Ja Vu like when I upgraded with Windows XP SP2. Suddenly, many applications just stopped working.
Aapche didn’t work at all. After I inspected the error logs, I realized that it’s been denied access to the web content folders. Finally I figured out to use chcon to change security context on the web content folders with httpd_content_t.
It got worse later when I restored PostgreSQL database and found out that it’s not working anymore. It turned out that Perl was being denied access to some important file for socket connection to the database server. Since I don’t intend to become a SELinux export, so I decided to just turn off SELinux to have a working system back in my hand.
SELinux will be a great feature, but I won’t use it until all major applications have deployed working policy. Without a working system first, a security enhanced system may just be a pile of hardwares without turning on the power:-).