>> You can't just add them later, on top of the legacy Mac OS
SELinux managed it, what's fundamentally stopping MacOS?
> SELinux managed it
Not when you have SELINUX=disabled (rather than SELINUX=enforcing), which is what I've seen in most environments.
Personally I've had better experiences with AppArmor.
Completely different set of tradeoffs.
This is one of those situations where there is no good option, just the least bad option.
SE had mostly servers, depended on package vendors being altruistic, and people mostly just disabled it when it caused problems.
That is a very different set of assumptions and challenges than what Apple faces.
There's a [dead] reply that you may not see, but frankly I kind of agree with it: "Can your grandma use SELinux? Delusional." https://news.ycombinator.com/item?id=42087188
SELinux can be part of the solution but it doesn’t solve the problem. The median Linux system is far behind the median Mac because while SELinux exists you still have to craft fine-grained policies and deal with all of the exceptions needed to have the system still be usable. This is more a function of budget than anything else.