Selinux seems to “dontaudit” logs by default. This means that when selinux is permissive, your plugins will work, and when you setenforce 1 your server, plugins fail. This all happens without warnings. If you see this happening:

1. Disable dontaudit: semodule -DB
2. See avc entries filling up audit.log, pipe through audit2allow.
3. Enable again: semodule -B