Posted Jul 10, 2008 4:24 UTC (Thu) by anchorsystems (subscriber, #40101)
Parent article: SELinux and Fedora
It seems that the biggest problem with SELinux is that
it has been designed from the most complex conceptual
model, as required to represent most classical security
models, rather than just starting with the simplest model
required to add basic MAC.
And this complexity makes every other aspect of it a
nightmare to work with.
I'm guessing that most people and policies don't make
use of the user, role, sensitivity, or categorisation.
Having all those aspects hidden and disabled when not
used to allow SIMPLE policies that rely on just
type/domain and transition rules would help understanding