Battle What’s Your Favorite Linux Desktop Environment in 2026 and Why?

[Victor M]

But I don't like KDE's start button and start menu - reminds me too much of Window$. Gawd that OS is a money pit.

 

[simmerskool]

Fedora 44 KDE has one advantage over Fedora 44 Gnome for me at the moment: user_u on KDE works out of the box, whereas on Gnome it requires a audit2allow fix.

ahhh what's a audit2 allow fix?? fedora / gnome for me has just worked, but then again so does KDE Plasma in Kinoite version.

 

[Victor M]

ahhh what's a audit2 allow fix??

Audit2allow is a command that takes the SELinux rejects as found in the logs, and turns them into allow rules.

 

[simmerskool]

Audit2allow is a command that takes the SELinux rejects as found in the logs, and turns them into allow rules.

excellent, sounds like a project for me and buddy, chatGPT. wondering if I have any SELinux rejects, will update...

 

[simmerskool]

@Victor M of course you noted you have / had an issue and audit2allow helped whereas this is chatgpt advice for my Kinoite >>
For Kinoite my answer would be: Usually no. audit2allow is a tool of last resort when:

1. SELinux is blocking something you actually need.
2. You have confirmed the application is behaving correctly.
3. There is no existing SELinux policy fix available.

The danger is that audit2allow can become: "SELinux complained, so let's make SELinux stop complaining." which defeats much of the purpose of SELinux. <<

at moment I'm not aware of any issues in my fedora / gnome or kinoite that would need this cmd tool. but good info, thanks!!

 

[Zero Knowledge]

Ahhh SELinux. another security control and something that every security freak says to use but no one I know actually knows how to use correctly.

I guess consult A.I. now? Yet where do the models train there data on? Maybe it's CyberPunk2026 blogspot or angrylinuxdawrfusers X feed???

Firejail anyone? At least it's still being developed!

 

[Victor M]

@simmerskool Yes audit2allow is last tool to use because of the possibility of over-allowing a whole lot of things that exist in the log, some of them are Meant to be denied. But chatgpt and I went thru a whole slew of things, and finally constrained permissiveness for one particular thing for debugging.

Anyways I have a backup path - I have prepared a Fedora KDE Plasma with all the SELinux configurations I wanted. And as I mentioned, in KDE, the user_u worked out of the box. Well there is a ksecretd or something like that that stores WiFi passwords that got AVC errors - but I don't use WiFi.

 

[simmerskool]

Ahhh SELinux. another security control and something that every security freak says to use but no one I know actually knows how to use correctly.

I guess consult A.I. now? Yet where do the models train there data on? Maybe it's CyberPunk2026 blogspot or angrylinuxdawrfusers X feed???

Firejail anyone? At least it's still being developed!

according to chatgpt: > The SELinux framework is built into the Linux kernel. The original work was done by the National Security Agency (NSA) and released as open source around 2000. Since then, Linux kernel developers maintain the kernel-side SELinux code. < I think firejail is a 3d-party app. SELinux gets updates regularly.