Full Version: Thoughts on SELinux?
The Planet Forums > General > The Lounge
James Jhurani
What do you guys think about SELinux? Any fun or not so fun stories? Do you use it, or turn it off as soon as possible?
James Jhurani
:: listens to the crickets ::
Jeff
It doesn't get in my way but at the same time I'm not making much advantage of it
Tomy Durden
I never did mess with SELinux much, but I do use PaX and grsec on my Gentoo box at the house.
James Jhurani
QUOTE (Jeff @ Feb 22 2009, 10:44 PM) *
It doesn't get in my way but at the same time I'm not making much advantage of it


Do you currently have it set to Enforcing? It usually manages to trip me up when I least expect it.
James Jhurani
QUOTE (Tomy Durden @ Feb 23 2009, 03:06 PM) *
I never did mess with SELinux much, but I do use PaX and grsec on my Gentoo box at the house.


PaX looks cool. Does it come with all of the ELF utils, like scanelf and dumpelf? Are they handy, or just something that never gets used?

There used to be a kernel patch out there that would only allow users to see their own processes. Doesn't the GRSec kernel have that too?
dredding
I usually wind up disabling so much of it I am certain I am defeating the purpose.
James Jhurani
QUOTE (dredding @ Feb 25 2009, 02:52 PM) *
I usually wind up disabling so much of it I am certain I am defeating the purpose.


Well, even if you disable the majority of it, the context stuff seems like it could come in handy.

I used to leave it on and try to resolve the problems as they appeared. Then after a few months of no problems, I forgot about it. Then one day I needed to open an office document from one of my professors... OpenOffice would just error with some vague window manager error. After a few hours of troubleshooting it dawned on me to check the logs... of course, SELinux. From there on out I disabled it entirely.

I know it has the potential to be really useful. But, from what it looks like, no one bothers with it.
theuruguayan
James, it depends on the type of server you're running. SELinux is a pain in the ass.

Sometimes it takes too much time to be able to customize it enough to be able to run normal stuff in a hosting server.

I have it running depending on the client's needs and what they are going to run on the server.