Hacker News new | past | comments | ask | show | jobs | submit login

I have been doing Linux sysadmin for 20 years and I just stopped trying to understand SELinux. It looks and feels like an abomination borne out of some IBM or other antediluvian corporate UNIX system for programmers wearing suit and tie.

Terrible documentation, terrible mental model, terrible CLI UX, terrible error messages.

I run Fedora and SELinux is working well enough, but it's a piece of machinery I can't wait to see replaced, however useful people swear it is.




It was originaly developed by the NSA, so it's even worse than corpos wearing suit and tie, it came from spooks.


Probably intentionally complex for just that reason. Easy to leave a misconfiguration.


I totally get it. I exert next to zero effort to keep it around for my systems!

For systems that shouldn't do much more than exactly what is prescribed, it's acceptable, is what I'm after... I guess.

I can't do justice to the source, but there's a concept about our programs/creations reflecting us.

Like a peer hints - SELinux reflects an agency like the NSA, draconian. Good and bad




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: