...it didn't really, but... is anyone still a selinux fanboi after the recent NSA revelations? if so then (Russell, I'm looking at you :-) why are you still confident selinux is a good thing and not just something designed to be so complex or so subtly buggy that the NSA can hide backdoors in it? there's already been one CVE where only those running selinux are vulnerable https://bugzilla.redhat.com/show_bug.cgi?id=517830 which at the time made me very happy I'd turned selinux off. Android 4.3 has started using selinux. do we really trust android vendors to be on top of complex selinux configs or would we be better off with it err, off? I doubt I'll be shipping my android roms with selinux on. that used to be 'cos I don't have the time to get it working and right, but now I also question its motivation and even the kernel implementation too. am I wrong? cheers, robin (yes, I've had a few and yes, this is a troll, but I'd still like to know if anyone's ever fully read and understood the implications of every distro selinux rule and every selinux line in the kernel - giving unaudited power to 3 letter agencies is not a sane way forward...)