selinux??

[Gordon Messmer]

On 01/26/2016 06:41 PM, Shawn Bakhtiar wrote:
> In fact there isn’t a single good reason to have SELinux enabled out of the box ...
> The functions it (as with systemD) servers are limited to a select area of operations.

I'd like to point out that the default policy is "targeted", which means 
that it only affects the "select area of operations" where it can help 
to contain an attack.