After I installed OLS, I noticed it was running with the unconfined_service_t label. This basically circumvents SELinux and allows all processes run by OLS to access the entire system, checked only by discretionary access control. So I decided to add some custom labels and enable some booleans, giving OLS...