On Fri, Nov 29, 2019 at 09:00:19PM +0100, Maciej Żenczykowski wrote: ... > I'm of the opinion that SELinux and other security policy modules > should be reserved for things related to system wide security policy. > Not for things that are more along the lines of 'functionality'. Makes sense. > > Also selinux has 'permissive' mode which causes the system to ignore > all selinux access controls (in favour of just logging) and this is > what is commonly used during development (because it's such a pain to > work with). Agree, this would be a big problem. IOW, "you don't have permission to access to this" != "you just can't use this, no matter what" FWIW, I rest my case :-) Thanks, Marcelo
