I agree with you mostly.
Concerning the error messages, in my experience, it is even worse: Not only are they not
sensible for an average desktop user, they are not even sensible for an experienced sysadmin
user! Therefore, using SELinux on a desktop system is doomed to cause great pains for the user
community. (It bothers me only on an abstract level, though. On the desktop, I use SUSE...)
But I don't think that the traditional Unix security model (easy as it is) can survive in the
long run. In our Internet-connected age the environment and associated threat model got more
complex, and such simple solutions won't be adequate in the long run. But I don't have any
idea how one can teach compartmentation and MAC to run-of-the-mill sysadmins and end-users
who are forced to be their own sysadmins.