> I’ve never seen one where disabling SELinux wasn’t a normal part of provisioning a server.

These days that's just laziness/fear, and it's a shame to see it. It doesn't even make sense any more.