Just attended a talk by Ralph Angenendt on SELinux. Most of what he said concerned SELinux with Apache, and much of it was negative: error messages are unhelpful, it’s under-documented, and he’s not aware of anyone working to make Apache SELinux-aware. Furthermore, a lot of SELinux policies duplicate the functionality of Apache’s own configuration directives: for example, SELinux can be used to disable whole features such as userdirs, CGI execution, and SSI.
Add the fact that the room was horrible, and some idiots were chatting away so I had to strain to hear the speaker, and it was a sadly unproductive talk. I fear SELinux will continue to be seen as the enemy for the foreseeable future.