> I was wondering if there was any harm in disabling the NSA SELinux support > in my gentoo-sources based kernel.
There is no harm, but if you were interested a lot of packages come with policies by default. Currently there is no support for SELinux in Gentoo for the vast majority of desktop applications. It is a little bit of work to get anything nonfunctional working. There are additional modes where you can simply run your user as unconfined and any services will be restricted by SELinux. grsecurity's RBAC is an alternative where you simply let it generate a policy based on what it sees you use. Notably, Fedora and CentOS enable SELinux by default. > SELinux is the only one I've had a bit of experience with - I run CentOS > (SELinux is enabled by default) for some personal-use-only services that > I want to run without dealing with Gentoo. My first step in a CentOS > install is to disable SELinux (and the firewall, hehe) to avoid dealing > with the pain of wading through documentation for hours on end. http://stopdisablingselinux.com/ - your distribution probably comes with policies for everything you want to install, anyway...
