Work through real-world SELinux scenarios. Each level teaches a core concept through hands-on puzzles that run on your own machine.
Start Level 1Understand the three SELinux modes and learn why enforcing mode is the only production-safe choice.
Beginner +100 XPDecode security contexts, inspect labels on files and processes, and fix mislabeled resources.
Beginner +150 XPWrite your first SELinux policy module using audit2allow and compile it into a loadable package.
Intermediate +250 XPToggle policy behavior at runtime without writing custom modules. Master getsebool and setsebool.
Intermediate +200 XPApply SELinux to container workloads. Understand svirt, MCS labels, and how Podman uses type enforcement.
Advanced +350 XPA broken multi-service stack with SELinux denials across httpd, PostgreSQL, and a custom daemon. Fix them all.
Expert +500 XPaudit2allow Five real AVC denials. Predict the policy fix before the reveal. No audit2allow, no shortcuts.
Every week, somewhere in production, an admin types setenforce 0 and walks away. That single command disables one of the most powerful security mechanisms available on Linux. It is the equivalent of removing the locks from your front door because you lost the key.
SELinux provides mandatory access control that confines every process to the minimum set of permissions it actually needs. Even if an attacker exploits a vulnerability in Apache or PostgreSQL, SELinux prevents that compromised process from reading files, opening network connections, or escalating privileges beyond its defined policy.
The reason so many admins disable it is not that SELinux is broken - it is that they were never taught how it works. This game changes that. Each level gives you a real scenario, real commands, and a real understanding of what the kernel is doing when it enforces a policy decision.
Stop disabling SELinux. Start playing the game.
Complete reference for managing SELinux booleans on Red Hat Enterprise Linux 9 and compatible distributions.
A detailed comparison of the two major Linux MAC systems and when type enforcement wins over path-based access control.
Browse all six challenge levels with difficulty ratings, XP rewards, and prerequisites.