On 4/9/21 11:33 PM, Matěj Cepl wrote:
Dne 09. 04. 21 v 23:30 Michael Ströder napsal(a):
Could you please elaborate what the big advantage of SELinux would be?
Improved security and more granular rights for openSUSE (as Fedora/RHEL have it).
And an insane CPU and I/O load when updating the SELinux profiles... At least that's my experience with CentOS.
But sorry, I don't buy this broad statement regarding better security.
IMO the main problem is that nobody is willing to do the work maintaining policies for whatever security mechanism (systemd sand-boxing, AppArmor, SELinux etc.).
Yes. That's the main problem. On the other hand it is not impossible, some proportion (over two thirds I am sure) of Fedora machines have SELinux in Enforced and nobody even knows about it.
At the moment I feel more a push-back when adding e.g. systemd sand-boxing than anything else. Just changing a technology is not a solution for anything.