SELinux Short guidance: prefer permissive mode for initial deployment only; then create minimal allow rules and move to enforcing mode.