This is not a troll post. I’m genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it’s a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat’s guide.
So yeah, why do we hate SELinux?
Exactly. I use setroubleshoot myself and it’s awesome.
I agree that creating custom policies for a bunch of apps day in day out will be tiring. But that is an argument against all MAC. I personally don’t want to see Linux going the way of abandoning MAC
How do you know when you’re letting through a valid access, an unnecessary one that could be a vulnerability, and an actively malicious one?
I don’t think anyone is saying throw out all access control, they’re just saying SELinux adds too much unproductive friction for everyday usage. You said it takes 15m to troubleshoot. But that’s not a one time thing, that’s 15m that scales with the amount of new programs and updates you’re running. And 90% of people aren’t even going to be able to tell they’re looking at a malicious access if they’re in the habit of always working around blocks that show up.