[WhyNotHugo]

I think the article summarises the situation well:

> The policy language and tooling is cumbersome, obtuse, and is about as appealing as filling out tax forms.

If a security framework is so terribly complex and hard to use, then people won’t use it.

OTOH, look at how OpenBSD or OpenSSH approach security: simply primitives which are well documented and easy to understand.

The only reason SELinux even works in the few scenarios where it does, is because the operator had immense amount of resources to pour into it. This itself is another sign of how bad the design is: it’s so complex that no small team of humans have ever been able to use it.