Also wanted to back up dpquigl in response to your #4 point...
At absolutely NO point have I ever encountered a response about SELinux from anyone (lists,
irc, etc) who was condescending to me or considered my inquires 'simple' or 'stupid'. I think
this comment is overly harsh in that regard.
Heck, I've learned quite a bit just in the 50+ or so comments here today - thanks again to OFE
(Our Favorite Editor, JC for even keeping this topic important, which it is, imho).
Lastly, I support SELinux 'policy ON by default'. Kudos to RedHat for being persistent on this
matter. I was trained that good policy on *NIX was always 'deny by default, allow by approved
request' from well before the SEL era...and default SEL is violating that principle ?...how ?