Przemek Klosowski wrote:
I agree that it's tedious, but practical evidence seems to
it's a converging process and we're almost there---'enforcing' SELinux
is a viable setting for a majority of deployments.
I fail to see any kind of convergence. We still have weekly selinux-policy
updates with a dozen bugs fixed every week! And new policies keep breaking
things that used to work. To me, that's clear failure.