Practical Engineering
open-menu closeme
Engineering
github linkedin rss

  • SELinux Concepts

    calendar Jun 15, 2025 · 5 min read · Linux SELinux  ·
    Share on: twitter copy

    Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) system that enhances Linux security. "Mandatory" means access control is strictly enforced by predefined policy rules—users and processes cannot modify these rules at will, ensuring security is not left to individual discretion. SELinux is …


    Read More

  • x509: certificate signed by unknown authority? Maybe the cert pool is empty

    calendar Apr 15, 2025 · 6 min read · Linux Container SELinux Bottlerocket  ·
    Share on: twitter copy

    I recently worked on getting amazon-ssm-agent to run inside containers on Bottlerocket. During that process, I ran into a TLS issue connecting to amazonaws.com. The root cause turned out be interesting and we'll walk through it in this post. Running amazon-ssm-agent in a container: why and how? To enable sessions …


    Read More

Peng Zhang

Software Engineer

Recent Posts

  • Fix Rare Case Where Primary ENI Does Not Serve Default Traffic
  • SELinux Concepts
  • Modern Go idioms
  • A Few Shell Surprises
  • x509: certificate signed by unknown authority? Maybe the cert pool is empty
  • Lessons from an errgroup and Context mishap
  • Avoid panic on expected errors: lessons from operating journald-to-cwl
  • GPG is still in use to verify downloads

Tags

GO 16 LINUX 9 ALGORITHMS 8 INTERVIEW 7 GUIDE 3 CONTAINER 2 DISTRIBUTED-SYSTEM 2 SELINUX 2 WEB 2 BOTTLEROCKET 1 COMPUTER-ARCHITECTURE 1 CONCURRENCY 1 CRYPTOGRAPHY 1 DATABASES 1
All Tags
ALGORITHMS8 BOTTLEROCKET1 COMPUTER-ARCHITECTURE1 CONCURRENCY1 CONTAINER2 CRYPTOGRAPHY1 DATABASES1 DISTRIBUTED-SYSTEM2 EC21 GO16 GUIDE3 INTERVIEW7 LINUX9 SELINUX2 SHELL1 TESTING1 WEB2
[A~Z][0~9]
Peng Zhang

Copyright 2022-  PENG ZHANG. All Rights Reserved

to-top