but it seems much harder to administer the other way around. Once something is marked as inaccessible, that's it. You get to stop looking. Where as it seems like when something is marked as visible you have to establish some sort of hierarchy in case a parent thinks it shouldn't be visible. Which would be indicated by nothing being set. Or you run into a situation like unix where you have permissions going either direction and you have to again determine which overrides which. I guess that would be a fail safe as opposed to a fail open though, which I prefer. But SELinux is a clear demonstration of how complicated things can get if you do it in a complete fashion. Starting with the idea that everything is hidden from everything first, and then transitions are made between them. Yet the bail when it comes to initrc, and almost mark everything as visible first.