On Fri, 2007-09-21 at 01:48 -0500, Mike McCarty wrote: > The firewall intends to prevent compromise. > SELinux intends to mitigate damage on a compromised machine. I think a better description would be that SELinux intends to keep a compromised application from becoming a compromised system.