APParmor is fine but it really only handles file system restrictions not system call restrictions. If they added that then there would be some reasonable arguments about which approach was better. As it is I need functionality from SELinux to secure my system - its not that hard to configure for...

[ more ]