This is not a troll post. I’m genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it’s a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat’s guide.
So yeah, why do we hate SELinux?
The only thing I know about SELinux is that the NSA made it, and that you need to add :z to docker volumes to fix permissions.
setenforce 0is much cleaner, I have found.They my go to to quickly triage a problem being caused by SEL or not.
A mandatory part at the beginning of every Ansible playbook!