Title.
- Soot [any]@hexbear.netEnglish1 month
Linux permissions are obvious, straightforward, and very easy to change - They rule.
SELinux permissions are impossible to see, seemingly pointlessly more complex, and I don’t know how to check them or change them i.e. They drool.
As a power user who is constantly changing system stuff, installing weird stuff, running weird servers, disabling SELinux is like, step 2 of installing Linux for me (and honestly, even if you’re not a power user, I can assure you at least ONE issue you’ve faced was actually caused by SELinux under the hood). I have wasted whole days working out just that SELinux is causing my fucking issue, and then days more on how to fix the permissions, and then days more doing those again when those permissions RESET as it is wont to do and days more trying to make my needed changes permanent. And let’s not even get started on how to transplant an SELinux permissions structure from one disk to another. So instead of a week’s worth of frustrating work every year, I can spend one minute disabling SELinux.
Its implementation feels contradictory to the most basic principles of understandable and workable systems. It’s like the NSA wanted to make software that was the diametric opposite of the Zen of Python. It’s ugly, it’s implicit, it’s complicated, nested, dense, unreadable, full of special cases, and silent errors, it constantly guesses in the face of ambiguity (which is why I have to constantly correct it).
Basically, I have wasted too much of my life faffing with an opaque and ludicrously complex permissions layer that seems to be there solely as a ‘just in case’ my already existing permissions aren’t good enough.
- 1 month
It’s an unnecessary layer of complexity. I am the only user of my personal laptop. I don’t need fine-grained permissions. Linux users and groups are enough for any permission needs I might have, like docker group, audio and video groups, etc. I don’t have any “classified” documents on my computer. My home directory and root are on different disks. I can easily format and reinstall my system if something goes wrong and keep all my personal data.
You don’t have classified documents, but you probably use bank in your browser running as your user. Maybe you use local mail program to send emails, also running as your user. A simple malware could add emails to be send asking your family to send you some money through online service.
And that’s easily done because the only isolation layer is user and group.
- 1 month
I no reasons for disliking it. SELinux is an incredibly powerful security tool.


