SELinux Game

Learn SELinux by doing. Solve Puzzles, show skills.

Master SELinux Through Interactive Challenges

Work through real-world SELinux scenarios. Each level teaches a core concept through hands-on puzzles that run on your own machine.

Start Level 1

Choose Your Level

Level 1

Enforcing Mode

Understand the three SELinux modes and learn why enforcing mode is the only production-safe choice.

Beginner +100 XP
Level 2

Contexts and Labels

Decode security contexts, inspect labels on files and processes, and fix mislabeled resources.

Beginner +150 XP
Level 3

Custom Policy Modules

Write your first SELinux policy module using audit2allow and compile it into a loadable package.

Intermediate +250 XP
Level 4

Booleans Deep Dive

Toggle policy behavior at runtime without writing custom modules. Master getsebool and setsebool.

Intermediate +200 XP
Level 5

Container Security

Apply SELinux to container workloads. Understand svirt, MCS labels, and how Podman uses type enforcement.

Advanced +350 XP
Level 6

The Boss Level

A broken multi-service stack with SELinux denials across httpd, PostgreSQL, and a custom daemon. Fix them all.

Expert +500 XP
Level 7

Decoding AVC Denials Without audit2allow

Five real AVC denials. Predict the policy fix before the reveal. No audit2allow, no shortcuts.

Advanced +400 XP

Why Learn SELinux?

Every week, somewhere in production, an admin types setenforce 0 and walks away. That single command disables one of the most powerful security mechanisms available on Linux. It is the equivalent of removing the locks from your front door because you lost the key.

SELinux provides mandatory access control that confines every process to the minimum set of permissions it actually needs. Even if an attacker exploits a vulnerability in Apache or PostgreSQL, SELinux prevents that compromised process from reading files, opening network connections, or escalating privileges beyond its defined policy.

The reason so many admins disable it is not that SELinux is broken - it is that they were never taught how it works. This game changes that. Each level gives you a real scenario, real commands, and a real understanding of what the kernel is doing when it enforces a policy decision.

Stop disabling SELinux. Start playing the game.

Guides

SELinux Booleans on RHEL 9

Complete reference for managing SELinux booleans on Red Hat Enterprise Linux 9 and compatible distributions.

SELinux vs AppArmor

A detailed comparison of the two major Linux MAC systems and when type enforcement wins over path-based access control.

All Levels Overview

Browse all six challenge levels with difficulty ratings, XP rewards, and prerequisites.

AltStyle によって変換されたページ (->オリジナル) /