This is not a troll post. I’m genuinely confused as to why SELinux gets so much hate. I have to say, I feel that it’s a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from Red Hat’s guide.
So yeah, why do we hate SELinux?
I definitely do not hate SELinux, I think it’s a great system. But my experience mostly (at home, anyway) comes from managing servers running Kubernetes clusters and, like, just using podman to deploy containers. In both these cases SELinux is on a “just works” basis, for the most part.
Then in an enterprise environment that doesn’t run everything on containers, you usually have a very standardized way of applying SELinux policies. At my last place of work we did it via a rather Ansible role. It was simple and easy.
But I can imagine using SELinux at home, where you maybe don’t have these things, might be a rather “mysterious” experience. It’s not the most obvious system.
But learning to write your own policies (even if just through se2allow or whatever it’s called) does de-mystify SELinux pretty quick.