But i find that in general when I setup a box I leave Selinux in permissive mode and then go threw the paces of connecting to every service i want running and all associated options so for example if you setup a website that makes use of scripts i would recommend you run them all and after completed and hopefully before you ever connect the box to the internet you run the steps below to create a policy module. I find that this has prevented me from having major issues and i get the benefits of Selinux.
To create a rule that pretty much allows all AVC denials:
audit2allow -M May022011 < /var/log/audit/audit.log
make sure all is as expected.
To Append to an existing rule that was previously created.
audit2allow >> May022011.te < /var/log/audit/audit.log
After the rules have been confirmed you need to insert the selinux module you created using the following command.
semodule -i May022011.pp
Alot more details can be found at the following link by . Dan Walsh