I’ve been using Linux Mint since forever. I’ve never felt a reason to change. But I’m interested in what persuaded others to move.

    • mholiv@lemmy.world
      link
      fedilink
      arrow-up
      8
      ·
      11 months ago

      I get it. It does have a learning curve. This being said, I would argue that without selinux Linux can’t really be meaningfully secure. It’s worth learning. Seljnux exits elsewhere too. I deploy Debian with selinux and it works well there as well.

      • Billegh@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        The problem with SELinux is that everyone rushed to push it out, alongside packages affected by it without support for it. So it was a crapshoot whether or not you’d have something working each time. That is better now, but was initially a colossal pain in the ass for about five years or so.

        • boblin@infosec.pub
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          What put me off selinux is that the officially documented way of generating a new policy is to run a service unconfined, and then generating the policy from its behaviour. This is backwards on so many levels… In contrast policy-based admission control in kubernetes is a delight to use, and creating new policies is actually doable outside of a lab.

          • mholiv@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            You could preemptively write the policy if you know the context and policies you want to apply. I just don’t think it’s worth the time when you can generate a policy with two commands.

        • mholiv@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          Fair. But audit2allow makes it really easy to add support for apps without policies. For custom in-house apps I use this to spit out some nice policies that can be rolled out.