SELinux has problems. It has a complexity problem (in that it is quite complex), it has technical problems with important issues like usability and visibility, it has pragmatic problems with getting in the way, and most of all it has a social problem. At this point, I no longer believe that SELinux can be saved and become an important part of the Linux security landscape (at least if Linux remains commonly used).
The fundamental reason why SELinux is beyond saving at this point is that after something like a decade of SELinux’s toxic mistake, the only people who are left in the SELinux community are the true believers, the people who believe that SELinux is not a sysadmin usability nightmare, that those who disable it are fools, and so on. That your community narrows is what naturally happens when you double down on calling other people things; if people say you are an idiot for questioning the SELinux way, well, you generally leave.
If the SELinux community was going to change its mind about these issues, the people involved have had years of opportunities to do so. Yet the SELinux ship sails on pretty much as it ever has. These people are never going to consider anything close to what I once suggested in order to change course; instead, I confidently expect them to ride the ‘SELinux is totally fine’ train all the way into the ground. I’m sure they will be shocked and upset when something like OpenBSD’s pledge() is integrated either in Linux libraries or as a kernel security module (or both) and people start switching to it.
(As always, real security is people, not math. A beautiful mathematical security system that people don’t really use is far less useful and important than a messy, hacky one that people do use.)
(As for why I care about SELinux despite not using it and thinking it’s the wrong way, see this. Also, yes, SELinux can do useful things if you work hard enough.)