Folks at the Fedora Project devel list asked us to enable and use SELinux.
So I sent this reply:
SELinux blocks some very basic functionality I use in my Linux systems. That’s why I disable it right away.
SELinux is too complex to learn on the moment that you are setting up a new system and want to deliver real value to your client, or simply want to test new features. That’s why I disable it right away.
I consider myself a security-aware user and sysadmin. I’m pretty satisfied with the level of security I currently employ on my setups, thus I don’t see value to use a new very complex security thing as SELinux. That’s why I disable it right away.
Just to explain why I (still) don’t use SELinux.
I believe security is achieved with awareness, responsability, consciousness. Not limitations.
I also believe that users that don’t have any of those, won’t accept limitations too.