I am just starting this thread for now and can provide details later.

I am trying to get selinux working on gnome and I'm sad to say it doesn't. I did as the oS docs instruct and switched to enforcing mode to see if it would still work. The machine boots and the gdm login screen appears. Upon logging in the screen stays gray and it eventually goes back to the login screen. There are denies in the audit.log denying gnome-session to some files as its context is xdm_t. I tried both the minimum and targeted policies, relabeled / recursively, and tried again. I thought well surely most of these gnome processes should have some other context on my fedora box. Nope. All xdm_t. getsebool -a | grep xdm reveals no helpful booleans to toggle to allow it to work. So the targeted policy must be different from fedoras.

Basically I want to know if anyone has got the two working. I don't mind making modules to allow the actions that are needed but I wanted to check if there was something low hanging fruit I'm forgetting. Any advice?