audit2allow really isn't that hard for developers to deal with. It'll tell them exactly what operation was tried, on exactly what (e.g., which file). Developers of the application can usually quickly figure out whether or not that's reasonable. The problem is when END-USERS try to deal with audit2allow; end-users typically don't know enough about the application to know if something was "reasonable". So as a long as _developers_ are using audit2allow to refine the policy, it's probably a really good thing.