SELinux is not hard. SELinux is hard to understand
I spent the last couple of days learning about AppArmor. The time spent is definitely not sufficient, but I want to share some thoughts about SELinux. The reason is that, while researching AppArmor, one inevitably comes across comparisons between #SELinux and #AppArmor. And if I have to #summarize such discussions, it would sound like this: “SELinux is very hard to maintain and this makes it more error-prone. AppArmor is very easy and you can achieve the same results as SELinux with it.”
Needless to say, I don’t agree with either statement. SELinux is not hard to maintain. The problem is that few people understand how SELinux works, and therefore the ones who don’t find SELinux hard to maintain. The “complexity” of SELinux gives it a lot of flexibility. The situations that AppArmor can handle well are just a subset of the situations that SELinux can handle at all. The question, of course, ....
https://mihail-milev.medium.com/selinux-is-not-hard-selinux-is-hard-to-understand-2d957754ee43
In this article, Mihail Milev tries to eliminate the myth that SELinux is hard and offers a simple look at how it works. Mihail Milev (Medium)