---

SELinux is Unmanageable; Just Turn It Off if It Gets in Your Way

Security-Enhanced Linux (SELinux) is a type of Mandatory Access Control (MAC) in the Linux kernel. It can prevent software from performing unexpected actions, such as abusive or malicious ones, on your Linux systems. However, … it’s also an unmanageable mess, and I have a much greater understanding of why people recommend that people disable it.

While I’ve been an SELinux complexity apologist for years, lately, I’ve concluded that every implementation with difficult-to-configure policies is just unmanageable.