>>> I would guess no one knows. But all of my CentOS installs are OOB as >>> concerning SELinux, except the two scalix installs, which have some >>> custom >>> 'stuff' thanks to the scalix instance naming. >> >> All I know is at the last two companies I worked at - AT&T, a small team >> building software for the NOC, a smaller root CA, and here at the federal >> agency I'm at, we either turned it off, or have it set to permissive. > > I disabled it on the last 1000 hosts *I* installed.... Hmmm... it would be interesting take some Centos systems with production like deployments (say 3 with SELinux and 3 without) and ask a professional pen-tester to try to get into them. Anyone willing to contribute funds (or time) to such a study? It would be educational experience and good PR, at the least.