SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Nico Kadel-Garcia <[log in to unmask]>
Date: Fri, 21 Oct 2011 07:09:10 -0400

On Thu, Oct 20, 2011 at 10:50 PM, RILINDO FOSTER <[log in to unmask]> wrote:
> SELinux is just a couple more steps when configuring the system. It's not a large deal once you figure out the basic command set. In fact, some of the steps for configuring an app for SELinux are even outlined in the man pages and some of the application docs (notably Samba).

Until it breaks something, unpredictably. For example, restoration of
previously working software with "rsync" from another working system,
or "tar" from backup tape, will not set SELinux. So if you've been
using Amanda or live rsync backups of your OS, the SELinux
configuration is *gone* if you attempt to replicate components of it.
And various web utilities whose authors refuse to follow the published
guidelines of the File System Hierarchy and slap their oddities all
over your filesystem will not work well when they demand to be stuffed
in "/home/html".

> Worst case, you can use the audit file as well as the SELinux Troubleshooter utility to diagnose the issue. In most cases, it is easy to resolve.

Until it's not. It's *expensive* engineering time, and its usefulness
in the face of claims like "we trust the people we work with!" and "if
they're already inside our network, we have much bigger problems" leads
to policies that can get you fired for burning time on this.
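
A way to check for the label loss described in the message above, as an added example that is not part of the original post: it compares the `security.selinux` extended attribute of every path in a source tree against the restored copy. The function names and the sample labels are assumptions constructed for illustration.

```python
import os

SELINUX_XATTR = "security.selinux"  # xattr in which the file's context is stored


def read_label(path):
    """Return the SELinux context of path, or None if no label is stored."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except (OSError, AttributeError):  # unlabeled, unsupported fs, or non-Linux
        return None
    return raw.rstrip(b"\x00").decode("utf-8", "replace")


def snapshot(root):
    """Map each relative path under root to its label (None when unlabeled)."""
    labels = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            labels[os.path.relpath(full, root)] = read_label(full)
    return labels


def label_drift(source, restored):
    """Return sorted (path, expected, actual) tuples where the labels differ.

    Paths absent from the restored snapshot are reported as "<missing>".
    """
    drift = []
    for path, expected in source.items():
        actual = restored.get(path, "<missing>")
        if actual != expected:
            drift.append((path, expected, actual))
    return sorted(drift, key=lambda d: d[0])


if __name__ == "__main__":
    # Constructed sample snapshots, not taken from a real system.
    src = {
        "var/www/html/index.html": "system_u:object_r:httpd_sys_content_t:s0",
        "etc/app.conf": "system_u:object_r:etc_t:s0",
    }
    restored = {
        "var/www/html/index.html": None,  # label lost during the restore
        "etc/app.conf": "system_u:object_r:etc_t:s0",
    }
    for path, expected, actual in label_drift(src, restored):
        print(f"{path}: expected {expected}, found {actual}")
```

On real trees, pass `snapshot(source_root)` and `snapshot(restored_root)` to `label_drift`; the paths it reports are the ones to relabel before the restored software is started.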
