Title.

  • Soot [any]@hexbear.net
    Upvotes: 17 · edited 1 day ago

    Linux permissions are obvious, straightforward, and very easy to change - They rule.

    SELinux permissions are impossible to see, seemingly pointlessly more complex, and I don’t know how to check them or change them i.e. They drool.

    As a power user who is constantly changing system stuff, installing weird stuff, running weird servers, disabling SELinux is like, step 2 of installing Linux for me (and honestly, even if you’re not a power user, I can assure you at least ONE issue you’ve faced was actually caused by SELinux under the hood). I have wasted whole days working out just that SELinux is causing my fucking issue, and then days more on how to fix the permissions, and then days more doing those again when those permissions RESET as it is wont to do and days more trying to make my needed changes permanent. And let’s not even get started on how to transplant an SELinux permissions structure from one disk to another. So instead of a week’s worth of frustrating work every year, I can spend one minute disabling SELinux.

    Its implementation feels contradictory to the most basic principles of understandable and workable systems. It’s like the NSA wanted to make software that was the diametric opposite of the Zen of Python. It’s ugly, it’s implicit, it’s complicated, nested, dense, unreadable, full of special cases, and silent errors, it constantly guesses in the face of ambiguity (which is why I have to constantly correct it).

    Basically, I have wasted too much of my life faffing with an opaque and ludicrously complex permissions layer that seems to be there solely as a ‘just in case’ my already existing permissions aren’t good enough.

      • Soot [any]@hexbear.net
        Upvotes: 3 · 24 hours ago

        If you’re just doing normal sheet, you should ideally basically not even notice SELinux. And in that sense it’s good.

        If you’re doing any dev or running any server software or some kind of freaky setup, my advice is disable it. At least all you have to do is turn a true into a false.