[COLUG] SELinux

[Jeffrey Tadlock]

On Mon, May 12, 2008 at 9:01 AM, Scott Merrill <skippy at skippy.net> wrote:
> Is anyone on the list actively using SELinux in their installations?

I have started using it on new server builds, the first one getting
set to hit production is a web server (CentOS 5).  I have also started
running SELinux on my Fedora desktops that I use personally.

>  Does it help?  If so, in what ways?

This remains to be seen as I am still early into my use of it.  As
Dave mentioned in his email, I spend more cycles on administration
issues at this point.  But I attribute that to my learning curve than
to actual faults with SELinux itself.  I expect my time administering
it to be lessened as my knowledge improves and being able to use it as
yet another tool in my toolbox.

This site lists a small handful of cases where SELinux helped mitigate a flaw:

http://www.tresys.com/selinux/   (Mitigation News on the left)

~Jeffrey