by generalizations 649 days ago
Have you ever read the commands the auditor gives you? They can be laughably broad, barely short of just giving the app unconfined permissions. If you're just blindly copy-pasting what it tells you, you might as well just disable it.
1 comments

Yeah, they're not great recommendations sometimes, but they do have the advantage of always allowing the behavior, which I think is meant to not make a frustrated ops person even more mad. But I disagree on the "you might as well disable it" because now you've lost the policies on the thousands of packages you didn't make exceptions for. Even if $company_app is running basically unconfined, at least sshd is still locked down.