[TriLUG] Thoughts on SELinux - PIA or a good thing?

[Ron Kelley]

Generally speaking, what do most people think about SELinux?  A colleague is reviewing some security auditing procedures that highly recommend using SELinux (he is running on CentOS 5.4 servers).  If they enable SElinux, they will have to do an entire regression test phase due to the potential effects of SELinux on their application (Ruby on Rails front-ended by Nginx.


Normally, I disable SELinux and IPTables on my servers because they are all behind firewalls (and I only open the necessary ports).  


What do you guys think?

-Ron