A few times I needed to make a local policy to allow an app to make syscalls it otherwise wasn't allowed to do, iterations of audit2allow made short work of it. On another instance I needed to grep through the existing security context list to find a suitable policy as one already existed and I was just a chcon away from my app working. I haven't had problems with third party apps because they tend not to come with policies so just pick up the default.
I don't think selinux is bad but there does not seem to be the amount of shared knowledge and lore that would allow people to eaisly solve problems when they come up. You can find some help via google or serverfault but the quality is sometimes poor and the most common recommendation is to turn selinux off rather than use the tools that come with to actually understand and fix the problem.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds