SELinux
I am not really sure if I can quantify how many blogs I read on the Internet where "the solution" to an issue is to disable SELinux, or at least set it into permissive mode. While I do not disagree that the immediate problem may then be resolved, it is a little like setting the filesystem permissions to rwx for all users authenticated or otherwise. Similarly, we all joke about users sticking post-it notes with password to the screen; there is little difference in this to an administrator disabling SELinux inappropriately.
There are reasons that the mandatory access control (MAC) list exists, and we as administrators should use it to our advantage. Traditionally, we are accustomed to using discretionary access control (DAC) lists and these can be set by users as well as root. The MAC is said to be mandatory, as it can only be applied and revoked by root.
First the DAC list is applied, and then the MAC list. SELinux never gives additional rights that were not there in the...
