SELinux Game

Learn SELinux by doing. Solve puzzles, show skills.

All Levels

Work through the levels in order or jump to the challenge that matches your current skill. Each level builds on the concepts from the one before it. Complete all six to earn the SELinux Master achievement.

Level 1

Enforcing Mode

Learn the three SELinux modes - enforcing, permissive, and disabled. Understand why enforcing is the only acceptable mode for production systems. Use getenforce, setenforce, and edit /etc/selinux/config to control SELinux behavior across reboots.

Beginner +100 XP

Level 2

Contexts and Labels

Decode the four-part security context format: user, role, type, and level. Inspect labels on files with ls -Z, on processes with ps -Z, and on your own session with id -Z. Fix broken labels with restorecon.

Beginner +150 XP

Level 3

Custom Policy Modules

When the default policy does not cover your use case, you write your own. This level walks through reading AVC denials in the audit log, generating a policy module with audit2allow, compiling it with semodule_package, and loading it into the running policy store.

Intermediate +250 XP

Level 4

Booleans

SELinux booleans let you toggle specific policy rules at runtime without writing or compiling custom modules. Learn to list all booleans with getsebool -a, change them with setsebool -P, and understand the most common booleans for httpd, samba, and NFS.

Intermediate +200 XP

Level 5

Container Security

Modern workloads run in containers, and SELinux confines them with sVirt and MCS (Multi-Category Security) labels. This level covers how Podman assigns unique labels per container, what the container_t and container_file_t types do, and how to create custom policies for containers that need host access.

Advanced +350 XP

Level 6

The Boss Level

A full application stack is broken. Apache is serving a Django app backed by PostgreSQL, with a custom log-shipping daemon forwarding events to a remote syslog server. Every component has at least one SELinux denial. Diagnose and fix all of them without disabling enforcing mode.

Expert +500 XP

Level 7

Decoding AVC Denials Without audit2allow

Five real AVC denials. No audit2allow allowed. You read the log, predict the policy fix, then we reveal it. Labels, ports, MCS categories, booleans, and one denial you should escalate to incident response instead of writing policy for.

Advanced +400 XP

Scoring

| Achievement | Requirement | Total XP |
| --- | --- | --- |
| SELinux Rookie | Complete Levels 1-2 | 250 XP |
| Policy Crafter | Complete Levels 1-4 | 700 XP |
| Enforcement Officer | Complete Levels 1-5 | 1050 XP |
| SELinux Master | Complete all 6 levels | 1550 XP |
| Audit Reader, Tier 2 | Complete Level 7 with 3+/5 challenges called correctly | 1950+ XP |
