Recently while I was working on strengthening the security of an online password reset tool, I ran into an a pair of file permission issues related to SELinux. I've witnessed many system administrators and engineers throw up their hands when they encounter a problem like this, and turn off SELinux policy enforcement, weakening the security posture of the system. Instead of doing that, I added a new SELinux policy to allow just the operations my new application needed.
