Amen: a new system requires new knowledge, and that's why SELinux isn't gaining user
acceptance. That, and the fact that it's hard to use, so even admins can struggle with it.
- Normal ls doesn't show the context of a file
- It can be tricky to set up new labelling rules
- Until recently it was really annoying to diagnose what was failing and why
Fedora 8 fixed this for me with the SEAlert applet. Now when there is an SELinux failure on
my system I can see what is wrong, and what command I should run to allow the access that was
denied. This helps a great deal. What we need now is a tool which lets you, for a specific
program, generate new SELinux rules so that you can install something and have it just work.
For example, I like to run my HTTP doc-root in /home/httpd (I'm a hold-out from RH 6). SELinux
makes this nearly impossible. I've given up on this and resorted to manually changing the
labels of files. But given how arcane this is I can see why people still resist.