I dislike selinux with a passion. It goes way too far on the security front for the average user, doesn’t work properly out of the box (blocks things it shouldn’t) and is impossible for the average user to comprehend how to configure it. I am technical, and it hurts my head trying to resolve selinux issues.
I am sure if I spent weeks learning the ins and outs of it, I could get to grips with it and not find it so difficult to address issues, but why should I have to do that?
When setroubleshoot presents a problem to a user there should be a Fix It button. If it’s not possible to code a fix it button, then that is proof that the system is too complicated.
If I wanted military grade security would I really be running the server on a noddy bit of hardware in my dining room? I don’t think so.