That was more than 20 years ago.
I think that 20 years is more than long enough for this kind of technology to mature, and work the kinks out, and then it's smooth sailing from that point on.
Yet, for the umpteenth time I have to create yet another bug for an AVC failure, and watch it being dupe-hammered, and everyone else's reports also having the same fate, for the next year or so. Why?
I have to conclude that there's something fundamentally broken with SELinux. SELinux AVC denials should be rare. Like once in a blue moon. The fact that they still come out of the firehose, non-stop, and some poor soul has to chase down as many as possible, letting all others expire and autoclose – that is not right. This shouldn't happen.
The current state of affairs would not be unreasonable, say, within the first five years of SELinux's existence. But not 20 years later. Come on. Either fix the fscking thing, or get rid of it. When I have to install a cron job to run restorecon every five minutes, while the corresponding bug ages, that's a big honking clue that something is wrong in the state of Denmark.
I might be wrong, but AFAIK Fedora/RHEL is the only Linux distribution that still screws around with SELinux. Google Skynet also mentioned that something called "Amazon Linux" also has SELinux enabled. Who? That doesn't count. So, resuming: if anyone ever wonders why only Fedora/RHEL bothers with SELinux, hopefully this clears it up. I believe that SELinux is fundamentally broken, and I don't think it's fixable in its current state. Fortunately, it is easy to turn it off. But is that what SELinux's advocates will say is the solution? Really? And if not, what /is/ the solution?
Can someone come up with the answer to the following answer: what can, and should be done, to fix the constant pain point of AVC denials, permanently?
