Practical Engineering
open-menu closeme
Engineering
github linkedin rss

  • SELinux Concepts

    calendar Jun 15, 2025 · 5 min read · Linux SELinux  ·
    Share on: twitter copy

    Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) system that enhances Linux security. "Mandatory" means access control is strictly enforced by predefined policy rules—users and processes cannot modify these rules at will, ensuring security is not left to individual discretion. SELinux is …


    Read More

  • x509: certificate signed by unknown authority? Maybe the cert pool is empty

    calendar Apr 15, 2025 · 6 min read · Linux Container SELinux Bottlerocket  ·
    Share on: twitter copy

    I recently worked on getting amazon-ssm-agent to run inside containers on Bottlerocket. During that process, I ran into a TLS issue connecting to amazonaws.com. The root cause turned out be interesting and we'll walk through it in this post. Running amazon-ssm-agent in a container: why and how? To enable sessions …


    Read More

Peng Zhang

Software Engineer

Recent Posts

  • Mysterious Image Pull Failures: "401 Unauthorized" and "Not Found" After Migrating Containerd to v2
  • EC2 IMDS is Unstable During Early Boot: Always Retry
  • Who Modified My Program in Bottlerocket?
  • Introducing bottlerocket-extra-kit: Essential debugging tools for Bottlerocket
  • Tips for Building Bottlerocket AMIs
  • Working Knowledge of Linux Memory: Concepts
  • Detect and fix rare cases where the primary ENI does not serve default traffic
  • SELinux Concepts

Tags

GO 16 LINUX 14 ALGORITHMS 8 INTERVIEW 7 BOTTLEROCKET 4 CONTAINER 3 GUIDE 3 DISTRIBUTED-SYSTEM 2 SELINUX 2 WEB 2 AWS 1 COMPUTER-ARCHITECTURE 1 CONCURRENCY 1 CRYPTOGRAPHY 1
All Tags
ALGORITHMS8 AWS1 BOTTLEROCKET4 COMPUTER-ARCHITECTURE1 CONCURRENCY1 CONTAINER3 CRYPTOGRAPHY1 DATABASES1 DISTRIBUTED-SYSTEM2 EC21 GO16 GUIDE3 INTERVIEW7 LINUX14 SELINUX2 SHELL1 TESTING1 WEB2
[A~Z][0~9]
Peng Zhang

Copyright 2022-  PENG ZHANG. All Rights Reserved

to-top