Using SELinux on Debian Stretch is great as Stretch provides the latests versions of the essential tools like SETools3, and the SELinux User Space utilities and libraries version 2.6. Not even Fedora Rawhide has these, so in that sense Debian has the advantage.
To complement the above I have created a policy model that, I would argue, is (close to) perfect for a community distribution such as Debian. The model provides a a solid base to build upon. By default it does not block much so if you do not actually use it, you probably wont even notice it is there. The purpose is to lower the barrier of entrance though. Meaning, You can have SELinux enabled and at your disposal, but not use it or use it at your own pace to address your own security challenges. It makes it accessible. You can compare it to the default iptables config in Debian where your tables are empty but set to allow by default. Unless you are aware of iptables you will not notice its presence, however it is there and ready to be used.
The only thing one really hs to do is to learn what security challenges SELinux helps to address, Learn how SELinux helps to address the aforementioned access control challenges, and learn how to speak to, and listen to SELinux.
Here is a blog post with instructions and demo videos:
https://doverride.blogspot.nl/2016/1...h-my-name.html