Security definitely follows the: "10% inspiration, 90% perspiration" rule. Security people always want to build the cool 10% thing, then move on to the next research.
Getting it deployed, turned on, or into the scale process is the hardest and most important part. Do that.
Conversation
20 years of vendor install guides that start with ‘turn off SELinux’ because they can’t be bothered to write a policy 😫
3
10
Most Linux users have a strict full system SELinux MAC/MLS policy on their computers since they're using it via Android. Having a standard external app sandbox and internal sandbox for every application greatly reduces the scope of what has to be written. Servers could do it.



