SELinux survey (was RE: Stupid F7 boot loop)

[Tim]

On Wed, 2007-08-29 at 17:17 +0200, Andrew Kelly wrote:

> I personally have immediately disabled SELinux on any and every box I've
> ever installed for myself, and grind my teeth any time I even see the
> word. 
> 
> Would any of you out there care to share with me any of your personal
> experiences with SELinux being useful to you (in any way whatsoever), on
> a single-user workstation?

I don't recall having any real problems with it since about FC3, or on
really slow PCs (it does add to the workload).  Since then, I've left it
on, pretty much with the defaults, but occasionally tweaking some of the
options on machines that run servers (e.g. allowing a bit more access
where sharing homespaces over NFS, and webserving, needed it).

Occasionally, there'll be an update that goofs something, but they're
usually fixed pretty quickly.  It can be too much of a show stopper for
it not to get another update out as fast as possible.

These days, the troubleshooter makes it much easier to see what a
problem is, so you can do something about it.  I get a pop-up warning
near the clock that there was a SELinux alert, and I can click for a
report (which shows what program got its knickers in a twist).

-- 
(This box runs FC5, my others run FC4 & FC6, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.