The problem of selinux getting in the way of being able to boot/login has been going on for years. Tossing selinux=0 on the grub/kernel command line anytime the machine fails to boot is common for most people running rawhide. Which itself is a problem because relabeling can take a _long_ time if the system in question has a large filesystem.
Selinux has stopped a number of active exploits, but OTOH, its probably stopped 100x as many perfectly functional systems from working.
So more selective enforcement is probably the right path, and one that systemd seems to be going down as it attempts to secure services it manages, but right now welding the door shut to stop the bad guys seems like the solution we are stuck with.
Selinux has stopped a number of active exploits, but OTOH, its probably stopped 100x as many perfectly functional systems from working.
So more selective enforcement is probably the right path, and one that systemd seems to be going down as it attempts to secure services it manages, but right now welding the door shut to stop the bad guys seems like the solution we are stuck with.