A great article on why to use SeLinux

[Thompson Freeman]

On 02/29/2008 09:32:06 AM, Patrick O'Callaghan wrote:
> On Fri, 2008-02-29 at 08:41 +0000, klybear wrote:
> > On Thu, 28 Feb 2008 09:31:05 +0900, John Summerfield
> wrote:
> >
> > > The only penetrations I've seen arrived by ssh. I
> don't think selinux
> > > would have helped there; the sorts of restrictions I
> can think of would
> > > also prevent the user from doing what users ought be
> able to do such as
> > > download stuff (including email), sending email and so
> forth.
> >
> > I'm new full time linux user, having temped with one or
> two distros in
> > the past, and I have to say that my experience of
> selinux has been
> > frustrating. I never had any Selinux issues with Ubuntu
> or Debian, but
> > since using Fedora, three of the four problems I've
> solved so far turned
> > out to be related selinux permissions and the fourth one
> I'm still
> > working on :)
> 
> AFAIK Selinux is disabled by default in Ubuntu and Debian.
> Note that you
> can also disable it (or limit it to warnings) in Fedora.
AFAIK, Ubuntu is applying Apparmour(sp??), not selinux.  
IMHO apparmour has some security value but not a whole lot  
due to a more limited coverage. YMMV of course, and I'm  
making no warrentee or anything else here.