Linux

52353 readers

1009 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Why do we hate SELinux? (lemmy.dbzer0.com)

submitted 1 day ago by marauding_gibberish142@lemmy.dbzer0.com to c/linux@lemmy.ml

49 comments fedilink hide all child comments

This is not a troll post. I'm genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it's a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat's guide.

So yeah, why do we hate SELinux?

you are viewing a single comment's thread
view the rest of the comments

[–] remotelove@lemmy.ca 5 points 1 day ago* (last edited 1 day ago) (1 children)

Its just complex

When a security mechanism becomes more complex to manage than what it is supposed to protect, it becomes a vulnerability itself.

If you had a minimal system that you built from the ground up yourself and wanted to only have that system function in very specific ways, SELinux would be perfect. I would go so far as to say it would be nearing perfection in some ways.

Sorry, but in the real world, ain't nobody got time for that shit. If you use auto configuration tools or pre-canned configs for SELinux on a system you are unfamiliar with, it's more likely to cause application issues, create security gaps and will likely be shut off by a Jr. admin who really has no fucking clue what he is doing anyway.

It's just easier to keep your system patched and ensure basic network security practices anyway.

It's not impossible to manage these days. In the early days it was, but most everything is automagic now. If I am not mistaken, SELinux can be enabled to 'log only' which would give you data better handled by a HIPS anyway. (Don't quote me on that.)

[–] Shimitar@downonthestreet.eu 1 points 1 day ago (1 children)

I fully agree with you...

[–] remotelove@lemmy.ca 1 points 1 day ago* (last edited 1 day ago)

Sorry if it sounded like my rant was directed at you as it absolutely wasn't. Your comment triggered me, because I absolutely fully agreed with yours as well. ;)