I definitely do not hate SELinux, I think it’s a great system. But my experience mostly (at home, anyway) comes from managing servers running Kubernetes clusters and, like, just using podman do deploy containers. In both these cases SELinux is a on “just works” basis, for the most part.
Then in enterprise environment that doesn’t run everything on containers, you usually have a very standardized way of applying SELinux policies. At my last place of work we did it via a rather Ansible role. It was simple and easy.
But I can imagine using SELinux at home, where you maybe don’t have these things, might be a rather “mysterious” experience. It’s not the most obvious system.
But learning to write your own policies (even if just trough se2allow or whatever it’s called) does de-mystify SELinix pretty quick.
I definitely do not hate SELinux, I think it’s a great system. But my experience mostly (at home, anyway) comes from managing servers running Kubernetes clusters and, like, just using podman do deploy containers. In both these cases SELinux is a on “just works” basis, for the most part.
Then in enterprise environment that doesn’t run everything on containers, you usually have a very standardized way of applying SELinux policies. At my last place of work we did it via a rather Ansible role. It was simple and easy.
But I can imagine using SELinux at home, where you maybe don’t have these things, might be a rather “mysterious” experience. It’s not the most obvious system.
But learning to write your own policies (even if just trough se2allow or whatever it’s called) does de-mystify SELinix pretty quick.