This is not a troll post. I’m genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it’s a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat’s guide.
So yeah, why do we hate SELinux?
For me it’s not so much hate as just not really having experience with it, so most of the time if it causes an issue I either just find a command that sets the policy correctly, or more likely disable it.
I should spend some time figuring it out, but it’s just one more seemingly esoteric and arcane system that feels at first like it merely exists to get in my way, like systemd, and I’m left wondering do I really need this headache, and what is it really giving me anyway?
Do you feel that way about all MAC or just SELinux? AppArmour is similarly arcane when you’re in the zone configuring your application. TBH RedHat has troubleshooting instructions in their docs, I just Copts paste and edit as necessary and it doesn’t take that long. I guess I just spent more time at it
The only real permissions systems I’m familiar with are the basic octal permissions in *NIX and NTFS permissions. I know those aren’t really quite the same but they’re the closest I have actual experience with to be able to have an opinion about.
At one point I also knew a little iptables but that was over fifteen years ago now.
As said, I really should spend some time with them, I just need the motivation.
ACLs are pretty good and have come in handy for me multiple times