This is not a troll post. I’m genuinely confused as to why SELinux gets so much hate. I have to say, I feel that it’s a fairly robust system. The times when I had issues with it, I created a custom policy in the relevant directory and things were fixed. Maybe a couple of modules here and there at the most. It took me about 15 minutes max to figure out what permissions were being blocked and copy the commands from Red Hat’s guide.

So yeah, why do we hate SELinux?

  • gwilikers@lemmy.ml
    23 hours ago

    SELinux is an access control system for Linux. Traditionally Linux uses Dynamic Access Control (DAC), which basically means the person who creates a file can determine who can access that file. That’s pretty fine for day-to-day use, but there are some problems with this model in terms of security. One I can think of is that it’s more vulnerable to privilege escalation (a hacker getting access to a higher level account like admin through a lower level account) because it puts the onus on the user to define who can access the file. SELinux was invented by our good friends at the NSA to remedy these kinds of problems. It’s an example of Mandatory Access Control. It works on top of DAC by creating policies that work to prevent things like privilege escalation. It’s also a lot more comprehensive than DAC. It allows for things like context-based access, taking into account the broader security context of an access attempt, the user’s role, etc.

    I’m actually not entirely sure why some people don’t like it. Understandably, some people are wary of anything the NSA lets out into the public. But as it’s open source and has been integrated into a number of Linux distros like Fedora, it’s unlikely they’ve backdoored it. If I was to hazard a guess, I’d say some people don’t like it for the same reason they don’t like systemd: Linux has often been an OS where users like a big degree of control through simple traditional systems, and those users don’t like the idea of losing some of that control to the complexity overhead involved in these new systems.
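
The workflow described in the original post (find out which permissions were blocked, then write a small policy module) comes down to reading AVC denial records and turning each source type, target type and object class into a type-enforcement `allow` rule. The sketch below is an added example, not code from the thread or from Red Hat's guide; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=8812 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:502): avc:  denied  { open getattr } for  pid=2101 comm="httpd" path="/home/web/index.html" dev="dm-0" ino=8812 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.200:510): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000000.200:510): arch=c000003e syscall=42 success=no exit=-13
"""

# Permission set, then source context, target context and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """An SELinux context is user:role:type:level; rules are written on the type."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other non-AVC records are skipped
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return dict(grouped)

def to_allow_rules(grouped):
    """Render one allow rule per group, for review before loading any module."""
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in to_allow_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```

Each generated rule is a candidate to review, since a denial can also mean a file is mislabeled or a policy boolean is off, in which case relabeling or the boolean is the narrower fix than a new allow rule.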