SELinux may give administrators extra flexibility, and add some extra "layers" of protection for critical files (depending on how the policies are set). But security pros usually consider complexity to be the enemy of good security - and this system is nothing if not complex.
I suspect that for every properly configured SELinux install, there will be several that leave gaping holes because they've been misconfigured. If distros come up with good default configs, that will help, but it probably won't be enough. People will still be placing too much trust in a system they (incorrectly) believe to be secure.
On the whole, I'd rate this a small net benefit. Not the big step forward one was hoping for.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds