by splesjaz 3492 days ago
While SELinux-enabled distros usually come with targeted mode by default, Gentoo Hardened has strict mode in its policy rules; everything is confined with that policy.

Usually only targeted applications are confined by default, allowing unconfined applications to run without any protection.

AppArmor is easy and anyone can understand how it works after reading the wiki. While AppArmor also has neat functions, you need to compile them in, sadly :(

OpenBSD is great. First, you can leave it running for a long time without thinking about security bugs or updates, whereas with Linux you have to keep a close eye on kernel updates & application patches. That's why things like mail servers & DNS & NTP and more are running OpenBSD: because I know it doesn't need critical updates every week, and uptime is critical for me.