M. Fioretti wrote:
People who say "turn it off" do so because they either don't understand what it does OR they don't know how to use it.
Sure. This could be due to the feature not being sufficiently documented (see my earlier comments in the thread on ssl, for example), something that in practice would still make it hardly usable for all but the most competent, full-time sysadmins. Regardless of how well it's working or is packaged in any distro.
If you're staying with software supplied by CentOS and use the standard paths for apache, postfix, squirrelmail and so on, you probably won't be able to tell that SELinux is turned on.
As soon as you're beginning to add software from somewhere else, things can get funny. But even for those, solutions aren't that far away :)
Cheers,
Ralph