SELinux seems powerful and is a pretty interesting from the perspective of uniform system-wide sandboxing, but... Every time I try touching it, I see thousands of concepts that probably can be simplified. And lets be honest, you cannot only rely on distribution-provided policies. Sooner of later you will need to write your own or patch distribution-provided ones.
And oh, do not undervalue Unix DAC, especially when extended by POSIX ACL.
A general furry public instance. You don't have to be a furry to join. Any and all topics are fair game provided they do not conflict with the Code of Conduct.