A lot of people are and don't know it - Fedora/CentOS SELinux comes shipped in "targeted" mode with some policies for common daemons (mysql, bind, ntp, etc).
Originally Posted by jalapeno55
Now setting up policies from scratch is pretty ridiculous - I still haven't come to fully grasp SELinux... it's... uniquely difficult but offers fine-grained control of every action. You'll want to look at the audit2allow command which writes policies based off of the logs of what got denied.
Alternatively you might want to check out grsecurity. It's a patch for the kernel updated by a guy named Brad Spengler. It basically makes changes to the kernel for different memory-based attacks / buffer overflows as well as adds several other features (RBAC for instance). Its learning curve is far less than SELinux's and it offers similar protection (more in some areas).
**EDIT** I believe most control panels including cPanel have you turn off SELinux simply because getting every portion of the panel to work with it (EX: getting the corresponding policies) would be too difficult to do in the first place / maintain.
█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
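A simplified sketch of the idea behind audit2allow as mentioned in the post above, turning logged AVC denials into allow rules. This is an added example, not part of the original post and not audit2allow's own code; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=1201 comm="httpd" name="index.html" dev="dm-0" ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:410): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000003.250:412): avc:  denied  { open } for  pid=1201 comm="httpd" path="/home/demo/index.html" dev="dm-0" ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.007:415): avc:  denied  { name_connect } for  pid=1201 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
"""

# Permissions in braces, then source context, target context and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def denials_to_rules(log_text):
    """Merge AVC denials into one allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line) if "type=AVC" in line else None
        if match is None:
            continue  # SYSCALL records and other audit lines carry no rule
        src = context_type(match["src"])
        tgt = context_type(match["tgt"])
        if tgt == src:
            tgt = "self"  # policy syntax for a domain acting on itself
        merged[(src, tgt, match["cls"])].update(match["perms"].split())

    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = " ".join(sorted(perms))
        body = names if len(perms) == 1 else "{ " + names + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```

Rules produced this way grant everything that happened to be denied, so each one needs review before it goes into a loaded policy module.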