SELinux Security – Real Life Examples of SELinux Security

Tags: linux, security, selinux

Can anyone give a real life example of where SELinux saved their security bacon? (Or AppArmor if you wish.) If not your own, a pointer to someone with a credible experience?

Not a lab test, not a white paper, not a best practice, not a CERT advisory, but a real example, something like audit2why showing a real hacking attempt stopped in its tracks?

(If you have no example, please keep commentary in comments instead of Answers.)

Thanks!

Best Answer

How about this from Russell Coker? It is a real life example as he has invited everyone onto his machine as root. At first glance I thought this was nuts but then you realize the power of SELinux to make root somewhat useless.

Here are some real life examples from his site.