Re: I don't think it was a malicious mistake. (Score 1)
For example "httpd_enable_cgi" allows CGI scripts to execute. The nice part about the booleans is that you can turn them on/off at will to see if it fixes your issue before making the change permanent.
Oh, if only it were possible to disable CGI in Apache...
This is the problem with SELinux in a nutshell - much of what it does amounts to reinventing the wheel. If a sysadmin is competent enough to make custom policies for SELinux, he's competent enough to edit Apache's configuration.
Adding complexity for its own sake is bad for security.