I got tired of setenforce 0. So I built a tool in Rust to actually understand SELinux denials.

Every Fedora user has been there. You're setting up nginx, or configuring a custom app, or mounting a Docker volume — and suddenly everything stops working. You check the logs and you find something like this: type=AVC msg=audit(1612345678.123:456): avc: denied { read } for pid=1234 comm="nginx" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0 And your brain just... stops. Most people