schmidtbag Keep on granting more power to the government, then your "1st world" country will be the next oppressive state when you wake up one day. Or granting power to corporations blindly, then your "1st world" country will become just a puppet one day and corporation cartels will be the true dictators ruling over the world.

I used Taliban as my initial example because even the stubbornest tankies won't support their policy in open (at the moment in 2023). So we can establish a common ground that at least some oppressive governments exist. For technical capacity, Russia and China are better examples. Especially for Chinese government which wholeheartedly endorses big-brother-is-watching-you policy and is actively implementing it. But I didn't want to muddle into endless political debate so I refrained from using them as examples at first. The chance of someone arguing they are "good big brother" is there and this would be tiring.

By the same principle, I don't write offtopic local political issue in Hong Kong in this forum. Hongkongers so far are suffering less than Uyghurs. And competition for who are being oppressed most by the government is NOT FUN. Your show off of your "privilege" is disgusting.

So you really can't see the logical flaw? Of course a person can google how to troubleshoot problem caused by SELInux *after* he/she know the problem is caused by SELInux. It is the how-do-one-know-the-problem-is-caused-by-SELinux-BEFORE-knowing-SELinux problem that markg85 was complaining. From Mark's experience, SELinux doesn't seem self-revealing. It is not commonly run in every Linux distribution.

"insuficient permissions" != "insuficient SELinux permissions"

the former would make me (a common user) scrutinize file and folder flags or use sudo

the latter would reveal the exact sort of permission that's missing

and maybe things could go a step further into being friendlier:
"app/process xxxxx does not have SELinux permission for yyyyyyy"

...as terminal output (stout or stderr), not just SELinux-specific logs

would this sort of suggestion cause any new problems?

schmidtbag​
you claim good citizens "have nothing to hide" but...
1) this blanket statement implies anyone saying othewise is not honest, which means, even if you don't fully realize it, you are attacking the integrity your interlocutors here to make your point, which is inherently offensive especially as you're doing it in a blanket statement

2) you ignore the existance of legally acceptable secrets (personal passwords, social security numbers, industrial secrets, workplace access codes, etc)

3) you ignore that the attacker might not be your own country, instead a belicous foreign entity

eg: Russia has been documented launching successful rehearsal attacks on european electric smart grids as part of a new class of cyberwarfare with the goal of quickly disabling civil infrastructure... this class of cyber-attacks can have a bigger strategic impact than conventional warfare even if the target is not millitary, and the entry points are usually civilians, through spear-physhing, vulnerability probings, multi-stage invasion... a pretty old and notorious example (but made by the USA) is stuxnet

4) you ignore corrupt government authorities may use their leverage to target honest law-abiding citizens to frame them under false charges... planting false evidence is made much much easier if you have extraordinary access

for concision purposes please allow me to classify covert ops by USA, UK, Russia, China and etc as corruption-prone or corruption-driven instead of mucking through considerations on wether they are true to the essence of such state-nations... let's also just agree that most of it is covert because it's imoral (albeit usually made legal through carefully crafted loopholes, exceptions and whatnot)

5) look at the sheer amount of illegal persecution done towards immigrants before they even have a chance to plead for a legal recognition of their entry... and at the immorality of actively causing hordes of them to die mid-journey despite obviously needing to flee from their former homes for sheer survival, again albeit this being partly (only partly!) made legal... those people are spied on without cause and persecuted en-masse and electronic means of invasion are an integral part of this horrendous effort

6) you ignore just how many extraordinary exploits fall into the hands of common cyber criminals nowadays, and how fast and widely they have been deploying all sorts of attacks... the same automation and convenience that powers datacenters is powering crooks to attack "nobodies" with "nothing to hide" and making serious bucks by catching several small fish instead one big fish

7) finally, how comfortable are you about sharing every detail of your sex life with your mom and dad? because some companies have made it their business to sell spying tools and exploits as parental control, to paranoid people in relashionships which they distrust, etc

with varying under-the-hood complexity hidden beneath convenient GUIs, the tools for all those things have been gradually converging into the same arsenal


ps: this is not a comment on specifically what SELinux might help prevent, but then again the argument made was that nothing at all is needed if you have nothing to hide, which is just as generic


edit:
i forgot to mention how some secrets are even mandatory by law and how failing to guard them is breaking the law too, so in some cases you litteraly HAVE to hide stuff (including your personal wifi password in some countries like iirc Germany) to be a law-abiding good citizen

In addition to that file, on Fedora/RHEL all SELinux errors are logged in journalctl. I have a sneaking suspicion even that was never used or checked. I'm sorry but someone seemingly just couldn't be bothered to get to the bottom of it.

People in western countries get quite rebellious when even things they don't need get taken away from them. Imagine the rioting that would occur 1st world countries would respond if they modeled after the Taliban laws.
Not sure what "tankies" means but regardless, yes, of course oppressive governments exist; I never said otherwise. But what I am saying is if I lived in such a country, I wouldn't be here griping about the NSA or Google since y'know, I'd have real problems to deal with. While I don't deny that it's possible for governments like my own to be super oppressive, in order for me to be oppressed would basically require a country such as Russia or China to successfully invade. That's not happening to any NATO country. Of course, I'm in a privileged position where my country could oppress other demographics, but in the past century, the trends show the opposite: people are attaining rights/liberties.
Well isn't that some cognitive bias at its finest. I acknowledge I'm in a privileged position, and I assume you are too. Yet, you're the one who thinks I should fear for my privacy. I couldn't care less if the NSA wants to watch me jerk off through my webcam and Google can go ahead and log my browser activity if they really want. These are so inconsequential compared to people who have real problems, and you think I'm the disgusting one? Here's the thing: if an oppressive/corrupt government really wants to take you down, they don't need to spy on you to do that. If you live a low-profile life (which ironically would include not trying to be on radio silence), any government is less likely to target you. In other words: you don't need to fear for your privacy because you're screwed either way (not you, specifically).

It boggles my mind what people like you do to intentionally live in fear. I'm sure the Uyghurs, Afghani women, and Hong Kongers feel soooo honored by your motives! Don't forget to leave a like along with thoughts and prayers!

You say that as if I [should] care about who I offend. Some people need a reality check, and reality isn't always so pleasant. And it's not a blanket statement: as I've said before, someone who is actually oppressed would not be here griping about this kind of data privacy.
I'm not ignoring it if it isn't relevant. As you yourself just said: they're legally binding. Besides, there needs to be proof that an institution not only illegally acquired that data (and sometimes ther is ToS that users unwittingly agree to that may permit this data collection) but more importantly: distributed that data.
Why should I care about another country spying on my browser history? User discretion is a necessity to keep one's self safe on the internet.
That's not really relevant to this discussion. In fact, that could even promote the use of the NSA's tracking, but I'm not interested in opening that can of worms.
Actually, read the post I submitted right before this one: I did in fact address that, and I might have addressed that on a different thread too. But I'm glad you pointed that out because as I said: what's the point in fearing data collection when a corrupt government is going to screw you over anyway?
That's an even bigger can of worms I'm not about to open. I kind of get why you bring it up, but I can tell you're interpreting this situation in a very specific point of view, and you're not looking at the big picture. Doesn't mean the bigger picture is morally righteous (I would argue it's not, and that I would favor your point of view) but the reality "justifies" (I say that very loosely) what you describe.
I don't ignore that either, but I didn't get into it because the discussion never got that deep. But even then, most (not all) cybercriminals who successfully identify personal information do not screw over those people, at least not at random. Typically, they're seeking ransom from the company.
If my parents distrusted me or my girlfriend so much as to use such a tool out of malice then they can go ahead and use it. There is nothing positive to gain from such a thing so it's ultimately their loss, not mine (and my girlfriend would care even less - she doesn't like keeping things secret). If my girlfriend were to use such a thing, there's really only 2 ways to look at it:
A. I was doing something dishonest and deserve whatever comes my way.
B. I was being honest and I realize I should end the relationship because she isn't trusting.
It's a win-win for me.
I welcome you to challenge me further on this.
​I find that a little excessive but certainly not a bad idea.

Snowden was in a difficult position, but he gave up the moral high ground when he fled to Russia and allowed himself to be an anti-American propaganda symbol.

If he truly wanted to make a difference, he should have stayed in the US and proudly stood up to those he thought were doing wrong. Yes, he probably would have ended up in jail for a few years, but he would have constantly been bringing attention to the issues he stood for and a lot of people likely would have backed him as a political prisoner and gotten him at least a commuted sentence.

Instead, he fled the country and got pretty much everyone to ignore him and the issues he was worried about were free to be swept under the rug.

Actually, I know one killer feature, which I never seen elsewhere. I would have a Wordpress site and a database on a simple VPS. Then my site is hacked and start to scan Your sites, or get into a DDoS botnet. For some reason by default - at least on Fedora and RHEL - selinux is preventing Apache from making any external connections. To the point, that Wordpress can not update itself, nor its plugins. So it is annoying to me, as administrator, who have to switch httpd_can_network_connect boolean during update window, but Selinux is protecting You from my server. It is contained and will stay that way, as long as Selinux is enabled with enforcing mode.

Both Selinux and Apparmor can be bypassed by a flaws - like https://cve.mitre.org/cgi-bin/cvenam...ame=2023-28642 in runc - but both are so narrowly used, that almost no one cares and many vulns are non-issue with Selinux enabled.

Closing few holes using SELinux is better than closing none?