On Thursday, December 18th, 2025 at 2:04 PM, Michael Schumacher via Postfix-users <[email protected]> wrote:
> > > > The thread starter mentioned AlmaLinux: I already had the issue on RHEL > > based platforms that hand-crafted config files were reset / regenerated by > > system updates to defaults. Which, of course, made services stop working. > > You might escpecially want to watch out for files with .rpmsave (and maybe > > .rpmnew) suffix. It seems RPM package maintainers have to manually apply > > special rules to files to prevent the updates from overwriting newer, > > user-edited config files: "%config(noreplace)" Even marking them as > > "%config" seems to be insufficient. > > > It could be selinux reversing configuration modifications. > > Been there, done that :-) > -- > Mit freundlichen Grüßen, > Michael Schumacher Google AI Overview: No, Virtualmin doesn't inherently enforce SELinux; in fact, its default installations often run with SELinux disabled or in permissive mode, as SELinux policies can conflict with Virtualmin's default configurations and permissions, causing issues, though it can work with proper SELinux booleans set. The platform prioritizes user-friendly setups, making SELinux less of a default focus, leading many users to turn it off for simplicity, despite the security benefits of keeping it enabled. Key Points on Virtualmin & SELinux: Default is Often Off/Permissive: On many distributions, Virtualmin installs with SELinux disabled or in "permissive" mode (logging violations but not blocking them) to avoid immediate permission errors. User Preference: Many Virtualmin users, especially beginners, find SELinux too complex and disable it to get their sites running quickly. Compatibility Issues: Specific Virtualmin components (like miniserv.pid for Usermin) can clash with default SELinux policies, requiring specific context adjustments. It Can Work: With careful configuration and enabling specific SELinux booleans (like those for web servers and PHP), Virtualmin can run effectively with SELinux in enforcing mode, but this requires more advanced setup. In Summary: Virtualmin doesn't force SELinux; it often works around it or leaves it disabled by default for ease of use, but you can configure it to work securely with SELinux if you're comfortable with policy adjustments. Regards, Mr. Turritopsis Dohrnii Teo En Ming Extremely Democratic People's Republic of Singapore 19 December 2025 Friday 11.39 AM Singapore Time _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
