selinux is a tool that is cool in principal, but in practice is studpidly hard to work with.
Good tutorial on how to use selinux:
List of commands: https://fedoraproject.org/wiki/SELinux/Commands
However, I’ve been making up a cheatsheet of commands to get it to work, without turning it off:
Cheatsheet
# This is from CentOS 8.2
# Make sure the auditing tools are available
dnf install policycoreutils-python-utils setroubleshoot
# disable the dontaudit logs to show all blocked things.
semodule --build --disable_dontaudit
# set enforcing mode off so we get all things that would have been denied
setenforce 0
# watch the audit logs to find what is being blocked - saving to ipam-selinux-blocks.log file
tail -f /var/log/audit/audit.log -n0 | grep denied --line-buffered | tee selinux-blocks.log
# Now run the thing that you want to work
# Have a browse to see what would have been blocked, and remove any lines you don't want to allow
vim selinux-blocks.log
# You can now compile a working module
cat selinux-blocks.log | audit2allow -M allowpolicy
semodule -i allowpolicy.pp