Many people get confused about why SELinux is so complicated. Partly implementation problem but partly intrinsic complexity to what it’s trying to do. I thought people might find it enlightening to see the original, cleaner architecture applied to Fluke microkernel. Culmination of prior, failed attempts in high-assurance security to bake MAC into simple kernels such as original UNIX and Mach. One of few to succeed commercially in quite a few products from Sidewinder to SELinux.