I just feel SELinux would add too much burden to sysadmins. I use CentOS + SELinux on one of my VPSes and it's already painful. I've been a sysadmin in university labs for some years. I did what I think is reasonable: set up a firewall, limit root access, never trust lab servers to the extent that I forward my SSH agent on them... But I don't want users to come to me every time they want to run a custom / proprietary program, and then spend time writing and debugging MAC rules.
And I don't agree with the article that containers do not add security. Container runtimes implement namespace isolation, seccomp filters, etc., and that reduces the attack surface compared to running the software directly on the host OS. More importantly in this discussion, it is convenient for sysadmins.
There is no perfect security anyway. And I don't sacrifice convenience for national-security-level security :)