by redprince
649 days ago
Because pretty much everyone on the internet tells you to disable SELinux instead of trying to understand it. I'm always rolling my eyes when I open some deployment instruction for RHEL (clones) and they have as step one: Disable SELinux. Few will instead read the RHEL-provided documentation. Then they could maybe figure out whether there's simply a tunable (getsebool -a) which would enable the desired behavior, or if properly labeling files (semanage fcontext / restorecon) would do it, or even take the steps to add to an existing policy to allow for a specific scenario which somehow was not implemented. Even adding your own policies "from scratch" is certainly doable and provides a great safety net especially for networked applications. Anyway... we all know disabling security or not implementing it in the first place can really save you a lot of time. At least in the short run.
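An added example, not part of the comment above: before picking between a boolean, a relabel, or a policy addition, it helps to see which domain was denied which permission on which label. The function name `summarize_avc` and the sample records are constructed for illustration; the record layout follows the usual `type=AVC` lines in the audit log.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials by (source type, target type, class)
# so the mismatch is visible before any setting is changed.

# Constructed sample records in audit.log layout (not taken from a real host).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:210): avc:  denied  { read } for  pid=1412 comm="httpd" name="index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.105:211): avc:  denied  { open } for  pid=1412 comm="httpd" path="/srv/site/index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.220:215): avc:  denied  { name_connect } for  pid=1412 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000003.220:215): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
EOF
}

# summarize_avc: read audit records on stdin and print one line per
# "source_type target_type class:" followed by every permission denied.
summarize_avc() {
  awk '
    /avc: +denied/ {
      # Permissions are the words between "{ " and " }".
      perms = $0; sub(/^.*[{] /, "", perms); sub(/ [}].*$/, "", perms)
      src = tgt = cls = ""
      for (i = 1; i <= NF; i++) {
        # Contexts are user:role:type:level; the type is the third part.
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      key = src " " tgt " " cls
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++)
        if (!((key, p[j]) in seen)) {
          seen[key, p[j]] = 1
          out[key] = out[key] " " p[j]
        }
    }
    END { for (k in out) print k ":" out[k] }
  ' | sort
}

# On a real host, feed it the audit log instead of the constructed sample.
sample_avc | summarize_avc
```

In the sample, web content carrying `user_home_t` is a labeling mismatch (the `semanage fcontext` / `restorecon` case), while the `name_connect` denial is the kind to check against `getsebool -a` before writing any policy.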
The way I put it to my clients, and staff, is simply that security comes at the cost of convenience.