this post was submitted on 09 Dec 2025
1090 points (99.5% liked)
Programmer Humor
27782 readers
1541 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
SELinux is super simple, you just gotta understand how the system works.
Once you understand the syntax and flow of SELinux policy then writing it is easy. Writing GOOD policy on the other hand …. Lmao.
Typically most IT departments “fix” it with
setenforce 0which is the equivalent of removing the seatbelt cuz you can’t figure out how to latch it.Android has one of the most “robust” applications of it but it doesn’t serve the purpose a good policy does, it does add a substantial layer of defense. Apple contracted my company to come out and teach them how to SELinux a few years back. Ultimately they (companies that desire SELinux as an added layer of defense) tend to just pay “us” to do it instead lmao.
Correct me if I'm wrong but I do believe that's the point. 😆 That understanding it is the hard part.
I love these people who are like "no no, X is easy, because I understand it."
If course you think it's easy — you understand it already...
What I am saying is that it looks significantly more daunting then it truly is, once you understand the basic concept of it (which I’m positing is actually fairly simple) the rest follows easily.
Specifically here though I mean SELinux is “simple” if you understand how Linux works and operates, as you’re constraining syscalls and access
I think as a developer I just have no idea what policies are applied, so it's just "somethings fucky here" all the time. Maybe an organizational issue :)