Who uses SELinux on their systems and why?
In the early days of SELinux, at least 10 years ago, it was so frustrating and admin tools were so inadequate that I always disabled it. I want to get back to it now and wonder if it has any fans here and why they use it?
If there are any users here I have these questions for them:
What distro(s) do you use it with? I believe it is installed and configured automatically on Fedora/Redhat.
Do you use built-in settings, or customize for own use?
What admin tools come with it, what additional tools do you use?
Is it for own personal use, workplace computer or server administration?
Which aspects of your system do you mostly use it for?
Comments
Anyone who comments should watch this first.
Ionswitch.com | High Performance VPS in Seattle and Dallas since 2018
Since we're missing a snarky first post, how about a snarky second post:
I'm so concerned about Linux security that I only run BSDs on it.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
I use it with Centos/Oracle Enterprise and a Fedora box. It's installed by default and as long as you only use included packages it's about 90%. As soon as you wanna do anything even vaguely non-standard you're still modifying things though.
Both but primarily built-in.
I just use the semanage,setroubleshoot cli.
Why only one?
Defense in depth.
I wouldn't say I'm a fan per se .... but it's useful.
This pretty much sums things up. The tooling for working with it could be a lot better, but it's useful. I mean it's easy once you spend 10,000 hours fixing selinux problems.
I like the idea behind it, but ultimately, I think something like pledge and veil from OpenBSD or eBPF are probably better. Or at least easier to work with.
Nope.
I clever enough to know when I don't understand something...(and won't without massive time investment)