This is even true in areas such as massive stockbroking servers, where they really do care a good bit about security. Not even there do they care enough to make SELinux work with them: what in a simpler system might be a small possibility that a config fixup might break something, in a system of the complexity of shipped SELinux policies becomes a *large* possibility in these people's eyes. So they always turn SELinux off. And I think they're right.
Probably nowhere outside the military would people care enough to fix such problems. Of course, that's where SELinux emerged from: and it's probably a good fit for there.
If we want a security framework we can configure ourselves without driving ourselves insane -- if we occasionally have demands not met by our distributors -- then something simpler, something *comprehensible* is needed.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds