What I think is utterly useless is the way error messages are written. The "access denied"
message doesn't give enough information to really help. Generally speaking, I do not work with
SELinux because it is too much work to do the easy part of securing a server. But when I have
no choice and _must_ use SELinux, one of the first things I do is tag its error messages
with a nice "[SELINUX]" sticker. Much headache can be avoided...

There is also the problem of the complexity of SELinux: OK, this is a very good security
framework, but it is too hard to explain and to use to/by a casual sysadmin (which is somewhat
common). If someone doesn't want to be bothered with learning the intricacies of SELinux, he
will just disable the policies, or switch to a distro without SELinux enabled by default.