Hello, I too was trying SELinux but gave up, it was more trouble than it was worth. You may want to try Apparmor, it's what I put my efforts into afterwards and is easier to manage and understand. It requires compiling the kernel as well, but no patches to anything else. You can easily create profiles yourself (much easier than SELinux policies), completely sandboxing any process you want. Hope this helps, João Miguel
