Do you keep SELinux enabled on your servers? What about your desktop/laptop?
yes
>SELinux enabled on your servers?
Who wouldn't? Even if it's a security system created by a government agency which could have rigged it for a way to break it that's kept secret by them, it's still better than a complete lack of such a security system which hackers other than the absolute most experienced would find a way to break through.
However, disabling SELinux on some desktops is reasonable because there are many cases for which it's inconvenient and getting in the way of many things when there's no perspective of a dedicated sysadmin on what justifies the annoyance of that.
>>53752266
>it's still better than a complete lack of such a security system
>implying
>>53752066
I disabled selinux because I'm too stupid to get it to work with samba. Keep it enabled on servers though
SELinux = NSA
LMJ nudes when?
>>53752533
plenty out already
>>53752558
Don't bullshit me Anon
tfw you're keeping SELinux enabled on your laptop, but cannot keep it enabled on your servers
>we will care about security later, anon
>we really need these privileged Docker containers mounting random shit as a volume
>SELinux is complaining about XYZ, we don't remember what exactly about, but fuck that, we just disabled it
>chcon-ing the stuff is too much work
I recently looked into SELinux, but it's main selling points seemed to be covering people's asses if they were reckless with basic filesystem permissions in the first place. What can it really do for me?