Ralf Corsepius wrote:
If SELinux was transparently working (Which it doesn't on Fedora on many situations), nobody would name it "infection".
Pretty much every security solution has had a history of such problems. I remember back in the days when a firewall used to get very similar complaints and everyone was suggesting just to turn it off instead SELinux is a fundamental security paradigm change. It has taken a lot of effort to get where we are now.
=> This is users complaining about SELinux's usability, based on their personal experiences with the Fedora implementation.
Atleast on Mike McCarty's case he has no personal experience with it. Users have mixed opinions as always.
If SELinux was such an "terrific and compelling approach", upstream Linux and other distros would have adopted it _years ago_ with standing ovations - Fact is: Nobody did. => This is developers and maintainers having doubts on SELinux.
Sure. Technology changes like this take time. Lilo vs GRUB. Static dev vs udev as other relatively fundamental changes have also taken time for distributions to adopt.
SELinux is indeed upstream and a number of distributions have varying levels of support for it. Both the technology as well as adoption have only been increasing over time.
Rahul