This just doesn't make sense, it's not "Immunix AppArmor" or "NTT Tomoyo" either.

Nice try NSA.

if it's over complicated for you, you can disable it.

If the plan is to shut up the crazies.... I expect this will backfire

WTF?
I agree with others, this change should be refused.
Stop trying to rewrite history!

So the whole thing is someone in NSA got over-confident in their brand and thought putting their name on it would boost the reputation of SELinux. But no, as long as governments around the world like to eavesdrop people for the sake of "national security" or "anti-terrorism", their involvement will just stain any software/hardware projects about information security.

The patch looks completely logical to me.

The original wording makes it sound like NSA is a sort of purveyor/company behind SELinux and should be talked to if you have any issues with SELinux which is not the case.

SELinux has been almost entirely RedHat's/community effort for the past 15 years or so.

man selinux still shows all the necessary info:

All things considered, I'm more worried about the Chinese and TikTok than I am the Americans and SELinux. One is a closed source app with ties to the Chinese Communist Party/Government that requires you to disable security protections to fully work whereas the other one is an open source security protection that tries to keep us safe from nefarious actors.

It also doesn't help that TikTok uses different algorithms for different countries and peoples and the one used for Americans and western society pushes content to intentionally divide and anger Americans.

TikTok is literally the Communist Party Propaganda Machine.

There is also Zoom, with Chinese capital and Chinese boss behind. And it is harder to avoid as use of Tiktok is entirely voluntary while Zoom less so.

Selinux. the single most annoying linux component ever build. Which is imho still true to this very day.

Here'a a "fun" little story about that single feature changing my linux distro usage. Many many many years ago i was a fedora user. At that time selinux was either brand new or was just coming to regular distributions (don't quite recall which one it was), fact is that i began noticing it. In the early days that was with a true shitload of security policy notifications approving or denying requests. I think not long after that insanity Torvalds made a remark that printers should not need root? Anyhow, i digress. This never ending flow of just total linux usage pain caused me to disable selinux on every new install that had it. Problems gone, happy user

But every new install had it and did require that disabling. Over time that too fed me up so i moved to a distribution that was more aligned with my use of linux. Arch linux was that distribution. Turns out that Arch just doesn't support selinux at all. Never has and doesn't till this day (though you can get it if you want it).

Now fast forward to a couple weeks ago where i was installing a VPS node. Don't quite remember if it was using Almalinux or that other centos derived one. What usually took me a couple minutes (setting up docker and running my container) now took a couple days of debugging. My issue? I was mounting a volume inside a docker container that i wanted to modify from outside the container (think of config files). Nothing wrong with that setup, it's very common. Yet somehow docker - or rather podman specifically in this case - just downright refused to work with permission denied errors. After many head-scratching hours of debugging i went with root for the files both inside and outside of the container, that too didn't work. Something somewhere was very persistently blocking it. Noting, absolutely nothing at all, was even remotely hinting at selinux at this point. Yet upon discovering it being enabled and running, disabling it fixed my case. In hindsight the :z volume mount option would've probably saved me and play nice with selinux. Remember though, i didn't know it was selinux to cause this thus searching for fix to that permission denied error also didn't bring up any results indicating that i needed to add that option.

I wasn't expecting to be bitten that hard by selinux again, but yeah, i was. It's a monstrous dumb bullshit piece of tech that should be thoroughly killed from linux in my opinion. And yes, that's only because it's so freaking stealthy in the background where you don't even know that it is causing your troubles. It would've been much better if it somehow were communicated better. But then again, a distribution like Arch - that thrives these days - doesn't use selinux at all. So if they don't need it why would i even bother using it? The tech is pointless in my view.

I'm sure it has a special place for some people. To those: have fun with it. I've been bitten by it yet again and will very happily disable it again on new installs.

There's always the people here too who are like security addicted and enable every feature that adds more security. Fine by me, you do you, i do me. Don't try to convince me to run that garbage.