cross-posted from: https://discuss.online/post/34255100
Thought I’d create a distinct thread from the previous one asking about daily use, because I really do want to hear more on people’s pain points. Great to know people are generally sounding pretty positive in those posts who recently switched, but want to know your difficulties as well! This way old and new users can share their thoughts, hopefully to inspire a respectful discussion.
I am also The Internet, and I say unless it is an internet-exposed service, just do it. More security is never bad of course, but process isolation and privilege escalation prevention is pretty low on the list of security measures you should focus on. First thing, unless it’s meant to be a “public” service (one that someone without pre-authorization may access), it shouldn’t be exposed to the internet at all, and that alone brings the threat model from “definitely will be scanned and automatically attacked, decent chance it gets pwnd if you don’t have good passwords and update often” to “someone needs to be both skilled and targeting you”. Spend an afternoon or two setting up a VPN so you can access your services from wherever, and share them with select people.
SELinux is the cause of many headaches, and its main proposition is against untrusted code or in a shared system. If it’s your box, in your network, and you’re not aiming for a Red Hat certification, it’s ok to disable it.