Bryan J. Smith wrote: >Unfortunately, Mandatory Access Controls (MACs) are a necessary >accountability detail needed in many environments. > ><snip> > > >But we needed MAC. It's a good thing to have in many environments -- >especially where accountability is essential. > > I concede that SElinux may be useful in some enterprise environments or on systems with shared access. For a typical server install, it's simply in the way because it breaks so many other packages and creates an extra layer of complexity where it's really not necessary. I've always thought it should be turned off by default. People that need MAC will know how to turn it back on and it will spare "the innocents" (grin) from posting a gazillion messages about why their favourite software packages are broken with CentOS/RHEL/etc. Cheers, C