Practical Engineering
open-menu closeme
Engineering
github linkedin rss

  • SELinux Concepts

    calendar Jun 15, 2025 · 5 min read · Linux SELinux  ·
    Share on: twitter copy

    Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) system that enhances Linux security. "Mandatory" means access control is strictly enforced by predefined policy rules—users and processes cannot modify these rules at will, ensuring security is not left to individual discretion. SELinux is …


    Read More

  • x509: certificate signed by unknown authority? Maybe the cert pool is empty

    calendar Apr 15, 2025 · 6 min read · Linux Container SELinux Bottlerocket  ·
    Share on: twitter copy

    I recently worked on getting amazon-ssm-agent to run inside containers on Bottlerocket. During that process, I ran into a TLS issue connecting to amazonaws.com. The root cause turned out be interesting and we'll walk through it in this post. Running amazon-ssm-agent in a container: why and how? To enable sessions …


    Read More

Peng Zhang

Software Engineer

Recent Posts

  • Simplify device path on boot with udev
  • Use KillMode=process with caution: restart loop could deplete resources
  • Spawning a New Process for Socket-Activated Daemons is Error-Prone
  • Be careful making thread-aware syscalls in Go: lock the thread
  • Speed up building Bottlerocket image in AWS CodeBuild
  • Mysterious Image Pull Failures: "401 Unauthorized" and "Not Found" After Migrating Containerd to v2
  • EC2 IMDS is Unstable During Early Boot: Always Retry
  • Who Modified My Program in Bottlerocket?

Tags

LINUX 19 GO 17 ALGORITHMS 8 BOTTLEROCKET 7 INTERVIEW 7 CONTAINER 5 GUIDE 3 DISTRIBUTED-SYSTEM 2 SELINUX 2 SYSTEMD 2 WEB 2 AWS 1 COMPUTER-ARCHITECTURE 1 CONCURRENCY 1
All Tags
ALGORITHMS8 AWS1 BOTTLEROCKET7 COMPUTER-ARCHITECTURE1 CONCURRENCY1 CONTAINER5 CRYPTOGRAPHY1 DATABASES1 DISTRIBUTED-SYSTEM2 DOCKER1 EC21 GO17 GUIDE3 INTERVIEW7 LINUX19 SELINUX2 SHELL1 SYSTEMD2 TESTING1 WEB2
[A~Z][0~9]
Peng Zhang

Copyright 2022-  PENG ZHANG. All Rights Reserved

to-top