The problem with security by policy is that the policy is always wrong. :)
The largest problem with SELinux isn’t just that people turn it off right away because it’s confusing — the result of this is the problem. Most of the time the bugs in a default install are because the security policies are wrong. If everyone turns SELinux off, no one reports the bugs in the default policy :).
The SELinux team is very responsive, and they love to fix policy bugs (I’ve met the project lead, it’s true!).
I would like to see more SELinux documentation for developers. As an app developer, how do I write a policy and distribute it to users? Right now it’s very hard to get the mental model right. All the documentation I’ve read so far is either large and complicated or overly simplistic. It would be great if there were documentation that explains things step by step.
Unfortunately, I have to recommend that my users disable SELinux at this time. I’ve been asking for SELinux compatibility contributions for years. Some people volunteered but never finished the job. It seems either very few people understand SELinux, or it’s so much of a pain that no contributor wants to bother.