[K0HAX]

You know, when Linux admins say "don't run as root!" we don't only mean that users should not run as root. Nothing that doesn't absolutely have to should run as root.

And before someone says "but only root can read those files!", please take this opportunity to learn about filesystem ACLs. https://linux.die.net/man/1/setfacl

edit: Also, yes, this would not have fully solved the problem, but it is very likely that the amount of potential harm that could have been caused would have been significantly reduced.

[SteveNuts]

Tangentially, the "disable selinux" as a first step for installing software is incredibly lazy in 2024. There are tools that help you analyze in permissive mode and easily convert the output to the contexts you need.

[K0HAX]

I agree with this. I'm kind of appalled by the apparent lack of SELinux controls on a firewall that runs Linux under the hood.

If I can run SELinux in enforcing mode on a Gentoo Desktop, any Linux administrator worthy of their job title can with a more enterprise/user friendly Linux distro too.

[doublepg23]

While I do run SELinux on Fedora and RHEL, I gotta say the errors it produces just being I/O errors is incredibly frustrating.