<div dir="ltr">On Fri, Sep 20, 2013 at 12:22 PM, Gary Buhrmaster <span dir="ltr"><<a href="mailto:gary.buhrmaster@gmail.com" target="_blank">gary.buhrmaster@gmail.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, Sep 20, 2013 at 5:03 PM, Steve Magnani<br>
<<a href="mailto:user.serviceable@gmail.com">user.serviceable@gmail.com</a>> wrote:<br>
...<br>
<div class="im">> I'm well aware of what a pain SELinux is to work with and that it's much<br>
> easier to sidestep it - so I understand a decision not to devote endless<br>
> hours "playing nice" with it.<br>
<br>
</div>Well, since Richard is going to do the hard part of reviewing<br>
the mythweb code/package to assure FHS compatibility,<br>
doing just the SELinux part should be easier now. Maybe<br>
it will get higher in my todo list (unless Richard does that<br>
first too).<br></blockquote><div><br></div><div>Go ahead and take a stab at it, I would have to teach myself selinux first :)</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">> But personally, if I am forced to choose between SELinux and mythweb, I<br>
> will have to choose SELinux. In my setup, mythweb runs on our home<br>
> server that's also our gateway to the Internet, and it's not worth the<br>
> risk (to me) to drop the shields just to achieve FHS compliance for<br>
> mythweb.<br>
<br>
</div>There is some interesting discussions going on as to<br>
whether SELinux does what you want it to. However,<br>
as of now, there is no direct evidence that it does the<br>
reverse. You could always move to FreeBSD for an<br>
arguably better security environment for your gateway.<br>
Try FreeBSD, you will like it (and the MythTV BE can<br>
run on it, with some obvious limitations).</blockquote><div><br></div><div>It may not be possible depending on how many computers you have available, but you can run mythweb on a different computer from your FE or BE.... In either case, the rework of the mythweb package wouldn't change what you already have to do, you'd just point to different directories...</div>
<div><br></div><div>Thanks,</div><div>Richard </div></div></div></div>