MicroOS

Breaking (and Recovering) SELinux

Connor Grout

This is a post about caution and how a simple mistake can blow up a month after you make it. But as with anything, breaking something leads to fixing it and learning a lot. This post will cover SELinux file contexts, SELinux tools such as semanage, restorecon, and matchpathcon, the nature of immutable filesystems, and some fun quirks of btrfs.

The Beginning

So to start, I run openSUSE MicroOS as my server environment at home. This atomic server works great because all of the apps that I run are microservices. I have yet to migrate to Kubernetes (I really need to do that), so I am using podman and its systemd integration to run my stack. It actually works surprisingly well since everything (containers, networks, volumes, etc.) is defined in systemd unit files. This makes setup really easy because it is all standardized and you can use systemctl and journalctl to manage your containers and logging.