For 2 years, I had to set up production environments on RHEL, mostly Apache and Keycloak servers. I had a limited, very specific list of sudo permissions, and I had to ask very specifically what I else needed, which was then granted by people who neither knew nor cared what I was working on.
SELinux permission problems were always the fallback reason when nothing else made sense. With my permissions, I could not just straight up check for it. E. g. Apache would not server a folder, cryptic error -> check file permissions -> check general Apache config problems -> assume SELinux permission is missing and request it, supplying the exact command they need to type.
For 2 years, I had to set up production environments on RHEL, mostly Apache and Keycloak servers. I had a limited, very specific list of sudo permissions, and I had to ask very specifically what I else needed, which was then granted by people who neither knew nor cared what I was working on.
SELinux permission problems were always the fallback reason when nothing else made sense. With my permissions, I could not just straight up check for it. E. g. Apache would not server a folder, cryptic error -> check file permissions -> check general Apache config problems -> assume SELinux permission is missing and request it, supplying the exact command they need to type.