Why do we hate SELinux?
-
This is not a troll post. I'm genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it's a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat's guide.
So yeah, why do we hate SELinux?
Nothing wrong with it
It was built years ago by the NSA but I'm sure that by now any backdoors nwould have been found
Having said that: it could use some rework to become more intuitive, especially with the error messages and how to resolve them
-
In the time it took you to type that comment here, you could have typed it in Google and gotten an immediate response
Some people like to talk to each other. Like people who are people?
-
Some people like to talk to each other. Like people who are people?
-
Yep, we're right up there with lazy people who literally ask strangers to Google things for them and then sit back and wait for the response to be delivered to them personally. The worst.
This is an online DISCUSSION
Stfu
-
In the time it took you to type that comment here, you could have typed it in Google and gotten an immediate response
Was trying to start a discussion, my bad.
-
Yep, we're right up there with lazy people who literally ask strangers to Google things for them and then sit back and wait for the response to be delivered to them personally. The worst.
If they brought up SELinux I'd assume they had no need to Google it.
-
This is not a troll post. I'm genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it's a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat's guide.
So yeah, why do we hate SELinux?
It's more work to get things to work. You have to be more explicit as a dev.
Personally I really like it, and wish there was more support for MLS features it has in Userland
-
If they brought up SELinux I'd assume they had no need to Google it.
-
This is an online DISCUSSION
Stfu
-
U mad tho
-
I don't hate it, but as a PC/phone user it's security features are almost never helpful and always cause issues so I just have it disabled.
I never have any issues with it in fedora
-
U mad tho
-
I don't hate it. What's SELinux?
SELinux is an access control system for Linux. Traditionally Linux uses Dynamic Access Control (DAC) which basically means the person who creates a file can determine who can access that file. Thats pretty fine for day to day use but there are some problems with this model in terms of security. One I can think of is that it's more vulnerable to privilege escalation (a hacker getting access to a higher level account like admin through a lower level account) because it puts the onus on the user to define who can access the file. SELinux was invented by our good friends at the NSA to remedy these kinds of problems. It's an example of Mandatory Access Control. It works on top of DAC by creating policies that work to prevent things like privilage escalation. It's a lot more comprehensive than DAC
-
I'd love to develop a muscle memory for working with it, but nowhere I've worked uses it at all. But from memory it really wasn't that complicated, and the errors it spat out into system logs basically told you exactly what command to run to get past that particular violation.
I don't hate it at all. Just, never seen it used anywhere.
All the linux stacks I was involved with over the years always had SELinux disabled as part of the base config. I can't think of a single server it was enabled on.
-
This is not a troll post. I'm genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it's a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat's guide.
So yeah, why do we hate SELinux?
Because in even 'permissive' mode, it blocks some fairly routine things.
-
System shared this topic
