While running earlier incarnations of SELinux indeed would have been harder I'd say in general not so hard as to make using it impossible as you could always have extended your local policy. The easiest start IMHO would have been to run RHEL 5U5, as it is the current version with all kernel, policy, userland fixes included, and SELinux enabled right from the start, as that would keep things in sync and help you catch exceptions earlier. If this machine is in production you might want to use a staging or virtual machine instead, enable SELinux in permissive mode, restore contexts and watch your messages and audit logs for problems.
|