[chucky_z]

I was simply disagreeing with the title of "SELinux is beyond saving." SELinux doesn't need saving for those who have a strong use-case. There are some great lesser alternatives like AppArmor, grsec, TOMOYO, and AKARI if SELinux can't work for you. :)

[viraptor]

I did a quick review of available solutions some time ago, and what you're listing (apart from apparmor) is not an alternative. I'm assuming that if you're serious about security and capable of digging into complexity, you can just stay with selinux. So if you lack those:

grsec (rbac) - distributions don't really include it apart from arch, gentoo, and other high-maintenance ones; default targetted configs not included

tomoyo - easy to use for developers, but also often not available in default kernel; for normal users? start by explaining to them what syscalls and ioctls are; default targetted configs not included

akari - you're on your own to compile it in, and the tools, and figure out which version you want, and ... (not simple process); default targetted configs not included

apparmor - the only user-friendly alternative right now

[tagrun]

> There are some great lesser alternatives like AppArmor, grsec,

Lesser? grsecurity is actually a far superior alternative to SELinux: https://grsecurity.net/compare.php

It's unfortunate that their stable patches are no longer available publicly: https://grsecurity.net/announce.php

[mcguire]

Well, unless you've been blocked from getting it by what's-his-name.