Simpler is usually more secure, but incentives are for complexity

Posted Feb 14, 2025 11:50 UTC (Fri) by walex (guest, #69836)
Parent article: OpenSUSE Tumbleweed switches to SELinux

The simpler a security-related system the better security because it is less likely to be misconfigured or even entirely disabled, and SELinux has the huge flaw that it operates at an abstract level above actual system resources, so requires extensive mappings between the two levels and requires a lot of maintenance and to understand what a configuration actually does is quite hard; instead AppArmor operates directly at the system resource level, so it is much easier to configure and to understand what a configuration does (even if AppArmor configurations on Ubuntu have become more complex with time). My impression is that SELinux adoption is driven by the incentives of corporate security officers to add complexity.

Simpler is usually more secure, but incentives are for complexity

Posted Feb 18, 2025 14:01 UTC (Tue) by raven667 (subscriber, #5198) [Link]

I think this is the best most succinct diagnosis of the downsides of SELinux that I've seen, that goes to the heart of _why_ crafting/auditing policy with it is hard for most people, although I don't think the cause is CISOs _trying_ to make things more complex as some sort of policy goal, my guess is that SELinux is well used enough on widely deployed systems with an ecosystem of log analysis and policy documentation around it that it's the "safe" option, it may not be the best for all cases but it has critical mass, which is often a larger consideration for long term maintenance. Maybe another theory can help explain its popularity along with its polarizing character.