On Tue, Jul 10, 2012 at 6:35 AM, Nico Kadel-Garcia <[log in to unmask]> wrote:

>
> You might also consider disabling SELinux, if the machine is behind
> reasonable firewalls. SELinux has been a *disaster* in system
> security, costing far more wasted productivity and engineering
> resources than many of active worms or attack vectors of the Linux
> world, most of which it does not really help with. (Bad PHP is bad
> PHP, and SELinux does not necessarily help at all.)
>

 let's agree to disagree on this one :-)

I have not had major issues since ... fedora 8?

It is true that selinux is a new tool and thus not so well understood by
plenty of people, but I quite like it. It is quite simple once you take the
time to learn it (like everything in life) and we routinely deploy settings
from cfengine for it.

-- 
groet,
natxo