by chousuke 1518 days ago
One trick that makes SELinux on RHEL much less of a bother is to always use the system-provided default paths for data and logs, and just mount additional volumes for data at these paths.

The vast majority of SELinux trouble I've seen stems from people customizing things needlessly and then they need to adjust the default policies.

Another common problem is not separating the OS / application binaries, configuration / data and log directories, which is just bad hygiene even without SELinux. I've seen many installs where people have just dropped their stuff in /home/ec2-user and then the whole server breaks at some point because / gets filled by a sudden burst of log entries.
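
A check for the layout described in the comment above, added here as an example and not part of the original comment: it resolves which filesystem each data or log path lives on, flags paths that share `/`, and on an SELinux host compares labels with the policy default. The mount table, device names and audited paths are constructed assumptions, as are the function names.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: extra volumes mounted at the
# default data and log paths (device names and paths are assumptions).
# On a real host, set SAMPLE_MOUNTS="$(cat /proc/mounts)" before auditing.
SAMPLE_MOUNTS='/dev/xvda1 / xfs rw,seclabel 0 0
/dev/xvdf1 /var/lib/pgsql xfs rw,seclabel 0 0
/dev/xvdg1 /var/log xfs rw,seclabel 0 0'

# mount_for_path PATH [MOUNTS]: print the mount point that holds PATH,
# i.e. the longest mount point that is a whole-component prefix of PATH.
mount_for_path() {
    printf '%s\n' "${2:-$SAMPLE_MOUNTS}" | awk -v p="$1" '
        {
            m = $2
            pre = (m == "/") ? "/" : m "/"
            if ((p == m || index(p "/", pre) == 1) && length(m) > length(best))
                best = m
        }
        END { print best }'
}

# shares_root PATH [MOUNTS]: succeed when PATH lives on the root filesystem,
# where a burst of log or data writes can fill / and take the host down.
shares_root() {
    [ "$(mount_for_path "$1" "${2:-$SAMPLE_MOUNTS}")" = "/" ]
}

# audit_paths PATH...: report placement, and on an SELinux host compare the
# on-disk label with the policy default (matchpathcon -V) for existing paths.
audit_paths() {
    for p in "$@"; do
        if shares_root "$p"; then
            echo "on-root   $p"
        else
            echo "separate  $p ($(mount_for_path "$p"))"
        fi
        if command -v matchpathcon >/dev/null 2>&1 && [ -e "$p" ]; then
            matchpathcon -V "$p" >&2 || true
        fi
    done
}

audit_paths /var/lib/pgsql/data /var/log/httpd /home/ec2-user/app/logs
```

A path reported as `separate` at a default location keeps the label the stock policy expects once the new volume has been relabelled with `restorecon -R` after its first mount.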