I’ve been using Linux Mint since forever. I’ve never felt a reason to change. But I’m interested in what persuaded others to move.

  • boblin@infosec.pub
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    What put me off selinux is that the officially documented way of generating a new policy is to run a service unconfined, and then generating the policy from its behaviour. This is backwards on so many levels… In contrast policy-based admission control in kubernetes is a delight to use, and creating new policies is actually doable outside of a lab.

    • mholiv@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      You could preemptively write the policy if you know the context and policies you want to apply. I just don’t think it’s worth the time when you can generate a policy with two commands.