[AaronFriel]

That's fantastic for Fedora desktop users. I don't expect you'd know, but is there a way to get the same quality of information via a CLI command?

[Too]

grep denied /var/log/audit/*

On some systems the avc violations also get printed in dmesg.

If violations block your whole system from even running, you can enable permissive mode, this only logs violations without enforcing them.

As others already mentioned, turning violation logs into allow rules can be done with audit2allow. Wouldn’t recommend blindly using that though as the generated rules are always either too narrow or too wide, just use it as a guideline.

[yrro]

FYI, "ausearch -i -ts recent -m avc" gives you SELinux violations from the last 10 minutes in slightly more readable form.

[MonaroVXR]

I think there is, I's been a long time since I had issues with SELinux. To be honest I have no idea how the GUI works. I do everything with CLI.

From the top of my head, I don't know. But this might help:

https://wiki.archlinux.org/title/SELinux