This is not a troll post. I’m genuinely confused as to why SELinux gets so much of hate. I have to say, I feel that it’s a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from. Red Hat’s guide.
So yeah, why do we hate SELinux?
Permissive mode, and yes, you absolutely can. That shows warnings but doesn’t actively block. But you still benefit from running setroubleshoot to actually figure out what and why it’s blocked something, and how to mitigate that.
Permissive is also good in that you can get a bunch of blocks reported at once, instead of having to step through one at a time, which can be useful.
That’s what I was thinking, I know the pain of watching something run for ages, only to finally get past where it failed last time and run straight in to another stumbling block.
I don’t envy you having to work in an SELinux environment with less than stellar developer understanding of policies and contexts.