It’s an unnecessary layer of complexity. I am the only user of my personal laptop. I don’t need fine-grained permissions. Linux users and groups are enough for any permission needs I might have, like docker group, audio and video groups, etc. I don’t have any “classified” documents on my computer. My home directory and root are on different disks. I can easily format and reinstall my system if something goes wrong and keep all my personal data.
You don’t have classified documents, but you probably use bank in your browser running as your user. Maybe you use local mail program to send emails, also running as your user. A simple malware could add emails to be send asking your family to send you some money through online service.
And that’s easily done because the only isolation layer is user and group.
Not everyone does online banking (I don’t), and it’s possible to warn your family about scams. If the information isn’t there, you don’t need to lock it down. Of course, that just moves both the security and the accompanying inconvenience off the computer and into the real world.
I really don’t see how anyone can install malware on my computer. I know my way around computers enough to not do anything dumb. Of course if someone wanted, they would be able to hack my device, probably. But I am not a high value target and it would be a waste of their time and effort. In short, that’s a risk I am willing to take :)
Yes. That’s fair. It’s an actual, realistic threat. But personally, I don’t provide any services to anyone and my data is periodically backed up to my NAS and cloud. But that’s me. I can imagine other scenarios that would definitely require SELinux.
Your data can be encrypted with a ransomware attack. Including your backups. Your memory searched for browser cached passwords and account names.
You’re not with the effort? The effort is practically 0 these days. Bots written by AI don’t care. And your compute resources can be used to do more harm.
No. I mean why wouild anyone target me? I am behind my home router most of the time, without any exposed ports. I am not saying “SELinux is unnecessary”. The post asked for my reasons to dislike.
In a lot of distros at least, you can just reinstall in place, which has the same effect. But a different place for /home does feel a potentially more reliable method.
It’s an unnecessary layer of complexity. I am the only user of my personal laptop. I don’t need fine-grained permissions. Linux users and groups are enough for any permission needs I might have, like docker group, audio and video groups, etc. I don’t have any “classified” documents on my computer. My home directory and root are on different disks. I can easily format and reinstall my system if something goes wrong and keep all my personal data.
You don’t have classified documents, but you probably use bank in your browser running as your user. Maybe you use local mail program to send emails, also running as your user. A simple malware could add emails to be send asking your family to send you some money through online service.
And that’s easily done because the only isolation layer is user and group.
Not everyone does online banking (I don’t), and it’s possible to warn your family about scams. If the information isn’t there, you don’t need to lock it down. Of course, that just moves both the security and the accompanying inconvenience off the computer and into the real world.
I really don’t see how anyone can install malware on my computer. I know my way around computers enough to not do anything dumb. Of course if someone wanted, they would be able to hack my device, probably. But I am not a high value target and it would be a waste of their time and effort. In short, that’s a risk I am willing to take :)
Plain and simple, with a supply chain attack.
Yes. That’s fair. It’s an actual, realistic threat. But personally, I don’t provide any services to anyone and my data is periodically backed up to my NAS and cloud. But that’s me. I can imagine other scenarios that would definitely require SELinux.
Your data can be encrypted with a ransomware attack. Including your backups. Your memory searched for browser cached passwords and account names.
You’re not with the effort? The effort is practically 0 these days. Bots written by AI don’t care. And your compute resources can be used to do more harm.
So you think NONE of the software you use will ever get an exploit? “Not do anything dumb” only covers some threats, not all.
No. I mean why wouild anyone target me? I am behind my home router most of the time, without any exposed ports. I am not saying “SELinux is unnecessary”. The post asked for my reasons to dislike.
Having your home directory on a different disk is something that could’ve saved me a lot of headache. Can’t believe I didn’t think of that.
In a lot of distros at least, you can just reinstall in place, which has the same effect. But a different place for /home does feel a potentially more reliable method.
I think it’s becoming default on more and more Linux installers
It used to be. I think it changed at some point to make installs easier for new people who were used to only having a single C:.