[lagosfractal42]

> Meanwhile, complex external systems like SELinux end up being unused because they are complex and external (and thus can just be ignored).

Wdym? It's very notably used in Android

[cyberax]

Yeah, because they have a team of engineers working on it. They can afford that.

I have never seen SELinux used on a regular server. Heck, Amazon Linux AMIs on AWS even disable it by default.

Yeah, yeah, personal experience and all that.

[cyphar]

This has changed a lot in the past decade -- any modern Fedora box has SELinux enabled by default now and so I would wager the majority of Fedora/CentOS/AlmaLinux/RHEL boxes have SELinux enabled and in enforcing mode. openSUSE/SLES is also switching to SELinux in 16.0.

Disclaimer: I work for SUSE.