never turn it off! this way you learn something every day and in the end you have some extra security along with grey hairs
I tent do start using it getsebool setsebool is not that hard these days
Its a difficult concept to grasp, but once you get it down you understand why its necessary. You can usually get it to work with apps that aren't' supported natively however it can require considerable configuration changes. I'm not going to lie though, it took me reading over SELinux documentation multiple times to understand its functions and configurations.
Comments
It's used in Production - and hated.
Luck is what happens when preparation meets opportunity
I tent do start using it getsebool setsebool is not that hard these days
The best tutorial I found is this: https://wiki.gentoo.org/wiki/SELinux
There are a number of tutorials on youtube which have also helped me.
Yes, I was like everyone else. At first I set it to disabled, however I kept at it and now I'm getting it.
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown
One other possibility is the use of HIPS in place of SELinux. Even then you want to keep it in permissive mode for logging purposes.
2012 version: https://www.youtube.com/watch?v=MxjenQ31b70
2015 version: https://www.youtube.com/watch?v=cNoVgDqqJmM
sealert is your best friend.