On Wed, 2007-08-29 at 17:09 +0100, Alan Cox wrote: > > Would any of you out there care to share with me any of your personal > > experiences with SELinux being useful to you (in any way whatsoever), on > > a single-user workstation? > > I leave it on On a single-user workstation I'd leave it on, because the real issue related to SELinux don't occur on single-user workstations, but in networks, where SELinux tends to interfere with network services. > and haven't had any problems with it for the past few > releases. Well, sometime earlier this week, an SELinux update caused my old i586 to run out of memory during a yum update - but that's definitely not a typical situation. I've also observed similar effects to occur during relabeling when with mock installed (infinite recursions into /var/lib/mock). > It makes a large subset of potentially exploitable holes turn > into rather unexploitable ones and that to me is of value. Ralf