On Fri, 2005-07-29 at 09:52 -0400, Daniel J Walsh wrote:
> Targeted policy goal is to protect Userspace from system space. So we
> try to lock down all of system space into individual vaults or
> compartments. So if someone breaks into your personal apache web
> server/ftp server and gains a shell account, they can not gain access
> to other parts of the system. With targeted policy, userspace should be
> unaffected, so you shouldn't really notice SELinux is running.

Unfortunately, reality is different. Many tiny little problems related to SELinux interfere all over the place.

My answer template to the original question:

ATM, SELinux is a promising approach, but still has rough edges.
- If you are willing and able to cope with small probs, you might like it as it could once save your system/data.
- If you are not able or willing to cope with these probs, switch it off. Your system won't be more vulnerable than most other Linux/Unix systems around, these days.

The future will show if SELinux is viable.

Ralf