Running thunderbolts through crystallized rock to make it think is already magical enough

At the heart of the problem is that the SELinux policies themselves are sort of magical. The policies have probably been provided by the maintainers of your Linux distribution, e.g., Fedora Linux. There’s nowhere on the system where you can view the policies and look up why something might or might not work. The policies also change over time, without any warning.

Source: SELinux is unmanageable; just turn it off if it gets in your way

Red Hat has made it clear the best way to manage SELinux is for you to outsource it to someone, preferably them. I get it, security of this sort is complex, but having to trust random internet postings for instructions on how to do a small task is how we ended up with github readmes saying “just curl this into bash as root”.

Leave a Comment

Your email address will not be published.