Yeah, have they _seen_ the complexity of SELinux policies? It's no wonder that most administrators dare not touch SELinux. Personally, I usually just pray that it works.
On the other hand, path-based approaches like AppArmor are very easy to use. But they had not gained any traction within the security community. Probably, because it's too easy to use.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds