Completely different set of tradeoffs.
This is one of those situations where there is no good option, just the least bad option.
SE had mostly servers, depends on package vendors being altruistic, and people mostly just disabled it when it caused problems.
That is a very different set of assumptions and challenges than what Apple faces.
Agreed, I’m not suggesting SELinux itself is the solution for Apple. I’m just saying faced with the same problem, and accepting that they have different usability constraints on them (sysadmins vs potentially novice computer users), another group found a solution. Why can’t Apple? They have the money to buy the engineering resource to bottom this out.