That is not the problem of SELinux: The software manufacturers are the ones that should provide the .pp and .te files
What SELinux should do and does not, is provide tools that
audit your software
report possible issues
offer to create .pp and .te files
What OS maintainers should also have (or maybe SELinux, not sure), is a way of seeing the possible outcome on the state of your box, if a new policy is enforced
OK, one more thing; it would be nice if SELinux had revision tags that you can just go back to: setenforce --revert --to "before ngnix" or something like that
That is not the problem of SELinux: The software manufacturers are the ones that should provide the .pp and .te files
What SELinux should do and does not, is provide tools that
audit your software
report possible issues
offer to create .pp and .te files
What OS maintainers should also have (or maybe SELinux, not sure), is a way of seeing the possible outcome on the state of your box, if a new policy is enforced
OK, one more thing; it would be nice if SELinux had revision tags that you can just go back to: setenforce --revert --to "before ngnix" or something like that