by josteink 3429 days ago
> I've been using SELinux in my Fedora the last 3 years, always on enforcing mode. No major problems

I think the only problem I've encountered has been when VirtualBox (or was it VMware?) tried to compile and install its custom kernel-modules, while using UEFI with secure-boot. They wouldn't load, because they weren't signed. Took me some debugging to figure out what was going on, but it was easily bypassed.

The solution was to disable secure-boot and just boot UEFI in "regular" mode. Felt a bit like fixing things by running as root/admin, but apart from that one story, I've had absolutely zero other issues with SELinux. Fedora has implemented it really well.

1 comments

Microsoft's Secure Boot in the UEFI isn't SELinux[0]. It's actually not difficult to get VBox/VMware to play nice with secure boot[1], once you've generated your custom signing keys. I keep a .sh on my machine to sign the latest kernel after each `dnf update`. Weirdly, my laptop had trouble booting with Secure Boot disabled, so I was forced to figure out how to get them to play nice.

[0] https://docs.fedoraproject.org/en-US/Fedora/18/html/UEFI_Sec...

[1] http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux/

> Microsoft's Secure Boot in the UEFI isn't SELinux

You may be absolutely right here and I may have incorrectly conflated the issues.

That said, it's UEFI secure boot, not Microsoft secure boot.

Microsoft helped create the spec, but anyone is free to implement it and use it without any Microsoft involvement.

Maybe you're conflating some things too ;)