How to actually work with SELinux instead of disabling it — reading denials, using audit2allow responsibly, understanding contexts and booleans, and keeping the one mechanism designed to contain a compromised service enabled.
Mac
-
SELinux in Practice (Not 'Disable It')