Ralf Corsepius wrote:
No doubts, there probably have been such incidents. I can't comment on AppArmor (I am not using OpenSuSE), but I can comment on SELinux from my personal experience with it. And from that I would be very cautious to mention it as a "selling point", because I assume everybody using Fedora for a couple of months at some point has had his own experiences with it. It's helpful and harmful at the same time. Which side's tradeoffs overweight depends on the personal situation and a particular machine's purpose.
I understand that point and it's valid however it is a important differentiation. SELinux with the assorted set of security enhancements have been very useful in mitigating security issues. Even end users who tend to not like SELinux and turn it off have benefited it from it.
While SELinux policies a number of issues have been fixed with software that was using more privileges than necessary or need to be redesigned because there was fundamental flaws.
From the FC2 till now there have been tremendous improvements in the amount of programs covered by policy, comprehensiveness, flexibility of policy, administrative and debugging tools including graphical ones. Fedora today is probably the best integration of SELinux or similar technology in a mainstream system.
Rahul
