> I personally have immediately disabled SELinux on any and every box I've > ever installed for myself, and grind my teeth any time I even see the > word. I didn't disable it on the first fedora release it showed up on, and spent hours after that just trying to gain enough access to my own system to disable it when I found that basically nothing worked. Ever since then I not only disable it when installing, but also add selinux=0 to the kernel options just to be sure :-). > Would any of you out there care to share with me any of your personal > experiences with SELinux being useful to you (in any way whatsoever), on > a single-user workstation? I can't imagine ever having an experience where any form of security software turned out to be useful, but I do have a theory that explains selinux in fedora and apparmor in opensuse: Large numbers of government contracts need you to check a box for "enhanced security" in order to bid on them, therefore selinux was born. If redhat had shipped selinux in enterprise when it was in the condition it first showed up in fedora, they would have lost every paying enterprise customer, therefore they needed a large group of suckers to find all the obvious problems. That's us :-). Cross out redhat and selinux and write in suse and apparmor with a crayon, and the same explanation applies :-).
