What I did was quoted a sentence of what you wrote, which no amount of context could have made true. You were very explicit in what you wrote, and that is what my comment of "wrong, wrong, wrong" was explicitly directed toward. If you had left that part out, I would have had no real objection to your post.
SELinux in general improves security by reducing attack surface.
SELinux (with proper policy) prevents applications from shooting themselves in the foot.
SELinux can increase required exploit complexity.
All of these statements I have no problem with.
that I take issue with, and will continue to point out when I see it. I wrote a section of our Wiki (http://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System#L...) that puts the information up front (it's the first thing after describing what the RBAC system is) that we plan to update soon with more of a historical lesson of the environment from which access control systems and models originated, how the problem being solved at the time was curbing the problem of careless (specifically, not malicious -- they were considered trusted) administrators.
It was about people control, not program control. Modern day threats like determined/skilled/funded attackers or even modern networking weren't even part of the picture. Any time networking was discussed, it involved private, trusted networks where all machines involved were protected under the same security model. Clearly the Internet is not such a network.
So what you see from people who drink the kool-aid of these old security models and concepts is erroneous extrapolation to a modern environment that these things they hold in such high regard weren't even designed for. It's this kind of misguided illusion that I've been trying to inject doses of reality in for some years now.
As for actually accomplishing stuff, we spend a lot more time doing it than we do talking about it (for instance, I only recently wrote a list of what we developed over the past couple months: http://grsecurity.net/news.php#develup) but that doesn't have anything to do with the original discussion.