Linux - RHS333 - SELinux - Security Context, Targeted policy. Changing contexts with chcon. SELinux management and administration.

MarGib July 19, 2026
🌐 🇵🇱 Polski · 🇬🇧 EN
SELinux (Security Enhanced Linux) is a set of Linux kernel modifications and methods for resource allocation for applications. Every process and file in the system has a specific type. Different processes are designed to perform different tasks and interact with different types of files. SELinux establishes rules that define how specific processes gain access to files. Access to specific files is possible only if the appropriate SELinux rule permits it. This is an additional security tool that goes beyond the capabilities offered by standard tools such as groups, users, and ACLs that define file access permissions.



SELinux implements many different security policies such as:

  1. Mandatory Access Control (MAC)
  2. Flux Advanced Security Kernel (FLASK)
  3. Role-based access control (RBAC)
  4. Type Enforcement (TE)

File access rules for specific processes are defined by the contexts set on those files. To check what context a given object has (this can be a file or a directory), we use commands that list files with the appropriate switches:

# ls -Z

# ps -Z

In UNIX systems, there is a saying that "everything is a file". Traditionally, file access is controlled using user accounts, groups, and permission level configurations. In the case of SELinux, we can slightly modify the main saying to "everything is an object", and access control relies on security elements placed in extended attribute fields. Generally speaking, these are fields called security contexts. This set consists of (though not in every system) 5 elements.


  1. user - Indicates the type of user logged into the system. If the logged-in user is "root", the value of this element will be "root". The value for other users will be "user_u". If we escalate our privileges using "su", this value will remain unchanged as "user_u". For processes, this value is defined as "system_u".
  2. role - Using the role parameter, the purpose of a specific file, process, or user is defined. Files have the "object_r" parameter as their role. For processes, the role "system_r" is set. Users also have the "system_r" parameter as their role, because in Linux, processes can be considered objects similar to users.
  3. type - The application of the type parameter is intended to represent the nature of the data present in a given file or process. The rules contained here define which type of process can have access to a given type of data.
  4. sensitivity - Security classifications sometimes used by government agencies.
  5. category - Similar in operation to system groups, but has the ability to block access to data even from the "root" user.


To see what context is set on a given file, we use the file listing command "ls" with the "-Z" switch.

# ls -Z /root/anaconda-ks.cfg /var/log/messages
-rw-------. root root system_u:object_r:admin_home_t:s0 /root/anaconda-ks.cfg
-rw-------. root root system_u:object_r:var_log_t:s0 /var/log/messages

Generally speaking, files inherit contexts from directories:

# ls -Zd /etc/ /etc/bashrc
drwxr-xr-x root root system_u:object_r:etc_t:s0 /etc/
-rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/bashrc

Some files have unique contexts for increased security.

# ls -Z /etc/shadow /etc/aliases /etc/hosts
-rw-r--r-- root root system_u:object_r:etc_aliases_t:s0 /etc/aliases
-rw-r--r-- root root system_u:object_r:net_conf_t:s0 /etc/hosts
---------- root root system_u:object_r:shadow_t:s0 /etc/shadow

If the system is to ensure a sufficiently high level of security, it is recommended that everything be configured under SELinux security restrictions. In RedHat 4, SELinux protected 13 processes, but in RedHat 5, their number increased to 88.

As with files, contexts also apply to processes existing in the system. Checking which context a given process is protected by can be done using the "ps -Z" command.

# ps -ZC rpcbind,bash,crond
LABEL PID TTY TIME CMD
system_u:system_r:rpcbind_t:s0 1312 ? 00:00:00 rpcbind
system_u:system_r:crond_t:s0-s0:c0.c1023 1800 ? 00:00:01 crond
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2238 pts/0 00:00:00 bash

Every process whose type is defined as unconfined_t is not subject to SELinux restrictions. An example of a process not subject to SELinux is the "bash" shell visible above.

To display all processes along with their SELinux contexts, we use the commands:

ps -eZ

ps Zax


Enabling and disabling SELinux


Whether SELinux will be enabled or disabled after a system restart is determined by the configuration file:

/etc/selinux/config

In which we can set parameters such as:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Above is the content of the configuration file, which, thanks to the included comments, does not need explanation, but for those who do not know English, it can be said that SELinux can operate in three modes:
  • enforcing - security policies enabled
  • permissive - policies disabled but monitored, providing messages about their activity
  • disabled - SELinux policies not running

TARGETED POLICY


In RedHat Enterprise Linux, the default SELinux security policies are those referred to as "targeted". If we use targeted SELinux policies, it means that processes are run within an existing domain. For example, by default, a logging-in user gets a context from the "unconfined_t" category, and running system processes have the default "initrc_t" context. Both the user and the processes have no restrictions.

Both restricted and unrestricted objects are subject to permission checks enabling writing and executing code in memory. By default, objects with unset and unrestricted contexts do not have write and execute permissions, which is a restriction protecting against memory buffer overflows. Memory control can be bypassed using appropriate boolean variables.

The setting for the type of policies used is found in the previously mentioned file:

# vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.

SELINUX=enforcing

# SELINUXTYPE= type of policy in use. Possible values are:

# targeted - Only targeted network daemons are protected.

# strict - Full SELinux protection.

SELINUXTYPE=targeted


RESTRICTING PROCESSES


Almost every service such as sshd or httpd running and listening on the network has appropriate context settings intended to introduce restrictions and ensure proper security. Most processes run with "root" privileges also have restrictions; a good example here is the passwd command. Restricting a process with a given context means running it in its own separate space; for example, the web server service, httpd, has the httpd_t context. Assigning "its own space" - a context for a given process - is significant in case the service is attacked. The applied context limits the attacker's room for maneuver (even if they manage to attack the given process or service) to the space of that process only, preventing them from moving beyond its scope to other services in the system.

Example demonstrating how contexts work.


The example will show how SELinux security prevents the apache web server service (httpd) from reading files that have not been properly labeled, such as files intended for the SAMBA service. Please remember that this is only an example of operation and should not be used in production environments.

To perform this exercise, the httpd and wget services must be installed on the system. SELinux must be enabled in enforcing mode.

Step 1 - Checking SELinux operation

# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted

The above result of the "sestatus" command indicates that SELinux is running in the correct mode.

Step 2 - While logged in as "root", we create a test file for the web server

# touch /var/www/html/pliktestowy

Step 3 - We check the SELinux context of the created file

# ls -Z /var/www/html/pliktestowy
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/pliktestowy

By default, RedHat Enterprise Linux system users operate in a mode unrestricted by contexts, which is why the created test file has a context labeled as "unconfined_u". In the case of files, the set role "object_r" has no significance. The next entry visible in the context, "httpd_sys_content_t", means that the httpd service has authorized access to this file.

Step 4 - With "root" privileges, we start the web server service

# service httpd start
Starting httpd: [ OK ]

Step 5 - We navigate to a directory where the currently logged-in user has read and write permissions and download the file using wget.

# wget http://localhost/pliktestowy
--2013-09-04 10:22:24-- http://localhost/pliktestowy
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13 [text/plain]
Saving to: “pliktestowy”

100%[======================================>] 13 --.-K/s in 0s

2013-09-04 10:22:25 (451 KB/s) - “pliktestowy” saved [13/13]

The file should be downloaded without any problems.

Step 6 - Using the chcon command as "root", we change the context of the created file.

# chcon -t samba_share_t /var/www/html/pliktestowy

We check if the changes have been applied

[root@margib-centos ~]# ls -Z /var/www/html/pliktestowy
-rw-r--r--. root root unconfined_u:object_r:samba_share_t:s0 /var/www/html/pliktestowy

Step 7 - After changing the context, let's try to download the created file again

# wget http://localhost/pliktestowy
--2013-09-04 10:30:28-- http://localhost/pliktestowy
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2013-09-04 10:30:28 ERROR 403: Forbidden.

The SELinux security mechanism worked and prevented the httpd service from accessing the file, so it is no longer available through this service.

Information about the denied access will also be recorded in the log:

# /var/log/audit/audit.log

type=AVC msg=audit(1378283428.681:25897): avc: denied { getattr } for pid=2207 comm="httpd" path="/var/www/html/pliktestowy" dev=dm-0 ino=664816 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file

and in the log:

/var/log/httpd/error.log

[Wed Sep 04 10:30:28 2013] [error] [client 127.0.0.1] (13)Permission denied: access to /pliktestowy denied

After completing the exercise, you can remove the unnecessary files and stop the httpd service

# rm -rf /var/www/html/pliktestowy
# service httpd stop

CHANGING CONTEXTS - chcon COMMAND.


As you can see in the exercise above, the chcon command is used to change contexts. We perform the change in the following way:

# ls -Z post-install.log

-rw-r--r--. root root system_u:object_r:admin_home_t:s0 post-install.log

# chcon -t etc_t post-install.log

# ls -Z post-install.log
-rw-r--r--. root root system_u:object_r:etc_t:s0 post-install.log

We can also change the context by referencing another file, so that the file whose context we are changing will have the same context as the one we are referencing.

# ls -Z anaconda-ks.cfg
-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg

# chcon --reference /etc/shadow anaconda-ks.cfg

# ls -Z anaconda-ks.cfg
-rw-------. root root system_u:object_r:shadow_t:s0 anaconda-ks.cfg

For security, it is possible to restore default system contexts for files; for this purpose, we use the restorecon command.


# restorecon /root/*

# ls -Z /root/

-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg
-rw-r--r--. root root system_u:object_r:admin_home_t:s0 post-install

SELinux MANAGEMENT


SELinux can operate in the following modes:
  • Enforcing
  • Permissive
  • Disabled
The command to check if the SELinux service is enabled is: getenforce.

# getenforce
Enforcing

Enabling or disabling the service can be done with the command: setenforce 1|0

# setenforce 0
# getenforce
Permissive

# setenforce 1
# getenforce
Enforcing

Setting SELinux boolean variables for individual services can be checked with the command: getsebool. For the httpd service, it looks as follows:

# getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_verify_dns --> off

Changing boolean variables for SELinux for a given service is done with the command: setsebool on | off

# setsebool allow_httpd_anon_write on
# getsebool -a | grep httpd
allow_httpd_anon_write --> on

DISABLING SELinux


The only way to completely disable the SELinux service is to change the SELINUX value in the /etc/sysconfig/selinux file to "disabled" and restart the operating system. You can also set the selinux=0 option in GRUB as a system boot option. The SELINUXTYPE value remains unchanged.

GRAPHICAL TOOLS for SELinux


For managing and configuring SELinux, there is also a graphical tool system-config-selinux, which is part of the policycoreutils-gui package.


If an application attempts to gain access not authorized by SELinux rules, it is blocked, and information about this fact will appear in the /var/log/audit/audit.log log.



Facebook X E-mail

Comments

Dodaj komentarz

Explore

Labels

learning 15 Security 13 automation 12 news 11 Anthropic 10 Windows 10 browsers 10 Automation 9 Opera 9 Technology 9 AI ethics 8 Configuration 8 RHCE 8 Software 8 facebook 8 web applications 8 Exam 7 LLM 7 OpenAI 7 chrome 7 coaching 7 curiosities 7 technology 7 www 7 Docker 6 Microsoft 6 Mind 6 Programming 6 Red Hat 6 Web browser 6 cybersecurity 6 entertainment 6 new technologies 6 security 6 AI agents 5 ChatGPT 5 Claude AI 5 Cybersecurity 5 God 5 Performance 5 Productivity 5 algorithms 5 books 5 machine learning 5 network 5 networking 5 open source 5 programming 5 AI 2026 4 CentOS 4 Claude 4 IT security 4 LVM 4 Open Source 4 RH442 4 RHS333 4 Ubuntu 4 Vivaldi 4 Windows 10 4 Windows system administration 4 applications 4 bash 4 containers 4 future of technology 4 future of work 4 health 4 language models 4 mindfulness 4 n8n 4 people 4 photography 4 psychology 4 system administration 4 trivia 4 AI safety 3 Administration 3 Android 3 BIG DATA 3 Business 3 FIFA 3 Firefox 3 Google projects 3 Homelab 3 Installation 3 Kubernetes 3 Local AI 3 Personal Development 3 Personal Finance 3 Privacy 3 Programs 3 Python 3 communication 3 computer science 3 extensions 3 faith 3 ftp 3 games 3 good movie 3 help 3 human 3 interesting websites 3 interface 3 macOS 3 media 3 mental health 3 money 3 open-source 3 opensource 3 personal competencies 3 personal development 3 privacy 3 reading 3 religion 3 tools 3 users 3 virtualization 3 web browser 3 websites 3 AGI 2 AI Act 2 AI assistant 2 AI at work 2 AI benchmarks 2 Apache 2 Asus 2 AutoGen 2 Career 2 Centos 2 Claude 3.5 Sonnet 2 Cloud 2 Codex 2 DNS 2 Debian 2 Debugging 2 DevOps 2 Docker Machine 2 Drones 2 Education 2 Error 2 Fable 2 Free Red Hat 2 GDPR 2 GPT-4 2 Guide 2 Hardware 2 Intel 2 Intelligence 2 Japan 2 JavaScript 2 Job Market 2 Kerberos 2 Kernel 2 Linux kernel 2 Machine Learning 2 Medicine 2 Mythos 2 NIS 2 Navy SEALs 2 Netflix 2 Poland 2 Psychology 2 Puppeteer 2 RAID 2 RHEL7 2 RSS 2 Rocky Linux 2 Rust 2 Sakana AI 2 Security Network Services 2 Self-hosting 2 Servers 2 Software Engineering 2 Ubuntu Server 2 Windows administration 2 Windows errors 2 ansible 2 better life 2 brain 2 brain-computer interfaces 2 chat 2 children 2 cloud storage 2 communicator 2 communities 2 computer intelligence 2 computers 2 conferences 2 courses 2 creativity 2 critical thinking 2 curl 2 cyberattacks 2 data 2 death 2 developer tools 2 digital detox 2 digital hygiene 2 documentary 2 earning 2 emotions 2 file storage 2 file system 2 fix 2 free application 2 free courses 2 free knowledge from the internet 2 free training 2 future of AI 2 future skills 2 genius 2 hacker 2 investments 2 iostat 2 iptables 2 kernel 2 labor market 2 local AI 2 logs 2 mind manipulation 2 mind programming 2 mobile 2 mobile apps 2 mobile phones 2 motivation 2 movie 2 multimedia 2 neurotechnology 2 operating systems 2 optimization 2 overstimulation 2 partitions 2 performance 2 personal thoughts 2 philosophy 2 photos 2 plugin 2 podcast 2 prompt 2 regulations 2 sar 2 scientific facts 2 self-development 2 shell 2 social media 2 software 2 technological innovations 2 technology addiction 2 terminal 2 torrent 2 trick 2 virtualbox 2 wealth 2 weather 2 web 2 wisdom 2 youtube 2 (Treści etykiet nie zostały podane w treści wejściowej) 1 120B models 1 2026 photography market 1 21st Century Skills 1 2FA 1 2nm processors 1 3D printing 1 5 GHz 1 6 GHz 1 64 bit 1 7 1 ACT therapy 1 AF_ALG 1 AGAT 1 AI API key theft 1 AI Agents 1 AI Frameworks 1 AI Governance 1 AI History 1 AI Safety 1 AI addiction 1 AI agent attack 1 AI autonomy 1 AI censorship 1 AI chatbots 1 AI collaboration 1 AI cyber threats 1 AI cybersecurity 1 AI future 1 AI governance 1 AI in Linux 1 AI in art 1 AI in education 1 AI in healthcare 1 AI in industry 1 AI in school 1 AI in science 1 AI in sports 1 AI integration 1 AI interaction 1 AI on mobile devices 1 AI optimization 1 AI regulation 1 AI security 1 AI superchips 1 AI threats 1 AI tool attacks 1 AI tools 1 AI workflows 1 AIMP 1 AMD ROCm 1 AMLD6 1 API 1 API key protection 1 AWS 1 Acquisition 1 Agentjacking 1 Alan Watts 1 Alexander Gerst 1 Alfred 1 AlmaLinux 1 Alpine Linux 1 Amazon Kuiper 1 Andrej Karpathy 1 Anonymous 1 Apple 1 Apple 2025 1 Apple Silicon 1 Aria AI 1 Audacity 4 1 AutoJack 1 Azure 1 BCI 1 Backstage 1 Banking 1 Bash 1 Bazel 1 Bible 1 Big Data 1 Bill Warner 1 Biotechnology 1 Black Mirror 1 Blackwell B100 1 Blockchain 1 Bonding 1 Bono 1 Business and Finance 1 C++ 1 CCPA 1 CPU 1 CUA 1 CUDA 1 CVE-2026 1 Career Development 1 Chat GPT 1 Chemtrails 1 ChildOnlineSafety 1 Claude Cowork 1 Claude Fable 1 Claude Sonnet 5 1 Coaching 1 Computer-Using Agent 1 Constitutional AI 1 Copilot 1 Copilot for Finance 1 Couching 1 CrewAI 1 Cryptocurrencies 1 Cyberbullying 1 DFS 1 DMA 1 DORA 1 DSA 1 Dario Amodei 1 Darwin 1 Data Science 1 Deep Learning 1 Deep Reading 1 DeepSeek 1 Deepseek 1 Deluge 1 Devin AI 1 Diagnostics 1 Digitalization 1 Distributions 1 Docker containers 1 Drivers 1 Dystrybucje 1 E2EE 1 E2EE vulnerabilities 1 EA GAMES 1 EA SPORTS 1 Earth AI 1 Economics 1 Email 1 Emigration 1 Enterprise Linux 1 Entrepreneurship 1 Epicureanism 1 European Funds 1 European Union 1 European technology 1 Excel 1 FIFA 16 1 Facebook 1 Fact-checking 1 Fake News 1 Flannel 1 Flynn Effect 1 Football 1 Formoza 1 Foundation 1 Free 1 Free Software 1 Free software 1 Fugu Ultra 1 Future 1 Future of Finance 1 Future of Work 1 GLM-5.2 1 GPG Tools 1 GPT 1 GPT-4.5 1 GPT-4o 1 GPT-Live 1 GPU Cloud 1 GROM 1 GRUB 1 GUI 1 Gemini 1 Gemma 4 1 Generation Z 1 GhostLock 1 GitHub 1 GitOps 1 Golden Gate 1 Google Assistant 1 Google DeepMind 1 Google Gemma 4 12B 1 Google Research 1 Google activity 1 GoogleFamilyLink 1 Goose 1 Got Talent 1 Gregory Kurtzer 1 Guides 1 HTML 1 Hardware Requirements 1 Health Intelligence 1 Hygge 1 IAM 1 IBM 1 IDE 1 IDE security 1 IQ 1 ISIS 1 ISO 1 ISS 1 IT 1 IT automation 1 IT costs 1 IT history 1 Innovation 1 Intelligent email 1 Internet Browser 1 Internet browser 1 InternetEducation 1 Interview 1 Islam 1 Islamic State 1 Jacquard 1 Jboss 1 Jellyfin 1 JetBrains Marketplace 1 Jetson Thor price 1 Joel Pearson 1 Kali Linux 1 Karen Hao 1 Khan Academy 1 Kimi K3 1 Kodi 1 Kylian Mbappé 1 LLM Deployment 1 Labor Market 1 LangChain 1 Legal regulations 1 LibreOffice 1 Linus Torvalds 1 Linux 7.3 1 Linux automation 1 Linux diagnostics 1 Linux for business 1 Linux system tools 1 Linux task management 1 Linux task scheduling 1 Logs 1 Londoners 1 MAS 1 MCP 1 MFA 1 MLX 1 Maps 1 MarGib_Film 1 Marek Jankowski 1 Mars helicopter 1 Material Design 1 Matt Pocock 1 Microsoft 365 1 Military 1 Mindfulness 1 Mistral AI 1 Miłosz Brzeziński 1 Model Context Protocol 1 Monitoring 1 Moonshot AI 1 MrBallen 1 Multi-Agent Systems 1 My take 1 NATO 1 NFS 1 NIS2 1 NTFS 1 NVIDIA 1 NVIDIA Blackwell 1 NVIDIA Jetson Thor 1 National security 1 Neural Networks 1 New 1 Nginx 1 No comment 1 Node.js 1 Non-profit 1 Notion 1 Nvidia 1 Odysseus 1 OneTrust 1 OpenSSL 1 Opera Air 1 Opera Neon 1 Opera Touch 1 Operating Systems 1 P2P 1 PARP 1 PDF conversion 1 PDF editor 1 PDF merging 1 Pac-Man 1 Pekao S.A 1 Peperclips 1 Perceptron 1 Personal development 1 Philosophy 1 Photoshop 1 Playwright 1 Plex 1 Poland 2026 1 Poles 1 Polish universities 1 PostgreSQL 1 PowerShell 1 Preview 1 Project Maven 1 Project TANGO 1 Proton Drive 1 Proxmox 1 PyTorch 1 Qt Creator 1 Quick Actions 1 Quota 1 Quotes 1 RHEL 1 RHEL8 1 RHSCA 1 RPM 1 Raspberry PI 1 Raspberry Pi 1 Raspbian 1 Raycast 1 Red Hat 8 1 Red Hat Enterprise Linux Developer Suite 1 Red Hat Network Satellite 1 RedHat 8 1 Regex 1 Robo-advisors 1 Routing 1 SMEs 1 SUSE 1 SafeInternet 1 SaferInternetDay 1 Safety 1 Sakana Fugu 1 Search 1 Sector 3.0 Festival 1 Security Auditing 1 September 23 2017 1 Server Administration 1 Signal 1 Smart City 1 Snip. 1 Social Media 1 Soli 1 Solo Projects 1 Solopreneurship 1 Something from myself 1 Sound 1 Sovereign AI 1 Sport 1 Spotify 1 Stacher.IO 1 Stacher.IO installation 1 Starlink 1 Steam Deck 1 Stoicism 1 SysAdmin 1 System Administration 1 Tech 1 Tech Weekly 1 Telegram 1 TensorFlow 1 The Shack 1 Time Management 1 Tips 1 Tokenomics 1 Tools 1 Tribler 1 Tutorial 1 U.S. 1 U.S. government 1 U2 1 UI testing 1 USB 1 UV 1 Ubuntu 26.04 1 VentuSky 1 VirtualBox 1 Virtualization 1 WBC 1 WSL 3 1 WWDC 2026 1 WWDC26 1 Warsaw 1 Weave 1 Web Scraping 1 Websites 1 WhatsApp 1 Wi-Fi 6 1 Wi-Fi 6E 1 Wi-Fi channels 1 Windows update 1 Work 1 Workflow 1 World Cup 1 World Cup 2026 1 World Cup AI 1 World Wide Web 1 X-Files 1 X-files 1 YouTube 1 Yuval Noah Harari 1 ZUS 1 ZenFone 1 Zero-Touch OAuth 1 Zorin OS 1 a drop of motivation 1 about this blog 1 academic fraud 1 access control 1 account security 1 achieving goals 1 ad blocking 1 addiction 1 administrator 1 agent systems 1 aids 1 ampere altra 1 analog photography 1 animations 1 application prototyping 1 arm servers 1 arm64 1 assertiveness 1 astronomy 1 at one-time tasks 1 at vs cron 1 atd daemon 1 audio 1 audio editing 1 authenticity in art 1 authorization 1 autofs 1 automateit 1 automation security 1 automation system attack 1 autonomous cars 1 awareness 1 awk 1 aws graviton 1 bank 1 bash on windows 1 bat files 1 batch 1 battery 1 beliefs 1 beta 1 better living 1 better quality 1 big data 1 bin/bash 1 biodiversity 1 blocking 1 blogger 1 body language 1 bookmarks 1 boot 1 bootable usb 1 boxing 1 browser automation 1 business intelligence 1 c# 1 cache 1 calc 1 campaign 1 cards 1 centralized platforms 1 chemistry 1 child psychology 1 children's emotional development 1 city design 1 clearance 1 cli tools 1 climate change 1 clothing industry 1 cloud 1 cmd 1 code editor 1 cognitive abilities 1 cognitive psychology 1 coldplay 1 command history 1 command line 1 command prompt 1 commando training 1 comments 1 compliance 1 compliance automation 1 compliance tools 1 computer interaction 1 computer performance 1 concentration 1 configuration management 1 conntrack 1 console 1 conspiracy 1 conspiracy theories 1 controversial 1 converter 1 corporate world 1 cost optimization 1 courage 1 courses for free 1 cron 1 cryptography 1 cynics 1 dark mode 1 data security 1 database 1 datasette 1 date and time 1 deep brain stimulation 1 deep learning 1 democracy 1 desertification 1 design patterns 1 design systems 1 developers 1 digital addiction 1 digital clothing 1 digital competencies 1 digital education 1 digital ethics 1 digital habits 1 digital manipulation 1 digitalization 1 disqus 1 document 1 document conversion 1 document signing 1 dreams 1 drop of motivation 1 drought 1 dubai 1 dying 1 e-book 1 eBPF 1 ecology 1 economy 1 ecosystem restoration 1 edge computing 1 elections 1 encryption 1 end of the world 1 end of world 1 end-to-end encryption 1 energy 1 energy efficiency 1 environment and health 1 ethical AI 1 evolution 1 excel 1 exploitation 1 extreme 1 fdisk 1 file sharing 1 file size 1 film zone 1 firewall 1 flash drive 1 flat earth 1 flying 1 food 1 football 1 for sale 1 format change 1 free 1 free software 1 friend location 1 future of architecture 1 future of education 1 future of energy 1 future of humanity 1 future of medicine 1 future of the brain 1 future of the internet 1 future of transport 1 game 1 geoengineering 1 global connectivity 1 google chat 1 graphics 1 graphics editors 1 growing up 1 hacking 1 happiness 1 hard-link 1 hashing 1 hedonic adaptation 1 helion 1 history 1 hivemind 1 hobby 1 home hosting 1 homelab 1 hostname 1 hostnamectl 1 hosts.allow 1 hosts.deny 1 how many people live on earth 1 httpd 1 humanity 1 humor 1 hybrid cloud 1 iOS 1 iPhone 18 Pro 1 iPhone launch 1 iSCSI 1 iftop 1 image generation 1 immortality 1 influencer criticism 1 information manipulation 1 infrastructure 1 infrastructure scalability 1 innovation 1 installation 1 integrations 1 intelligence 1 internet applications 1 investigative journalism 1 investing 1 jailbreaking 1 javascript 1 job market 1 kernel security 1 keyboard shortcuts 1 kuba wojewódzki 1 light 1 limits 1 linux kernel 1 livepatch 1 login 1 loop-audit 1 loop-cost 1 loop-init 1 macOS Sequoia 1 machine cloning 1 magic 1 make life harder 1 making money 1 malicious JetBrains plugins 1 malware in IDE 1 markdown 1 markitdown 1 material design 1 media streaming 1 medicine 1 meditation 1 memory 1 message security 1 messenger 1 meteorology 1 microsoft 1 microtargeting 1 military ethics 1 mobile applications 1 mobile photography 1 model interpretability 1 modern technologies 1 monitoring 1 monorepo 1 mounting 1 mounting image 1 mp3 player 1 mpstat 1 multimedia tools 1 multimodality 1 music 1 music player 1 mysteries 1 n8n security 1 national defense 1 nature conservation 1 net use 1 nethogs 1 network cards 1 network monitoring 1 network resources 1 network security 1 neurobiology 1 neuroenhancement 1 neuroplasticity 1 neuropsychology 1 new life 1 new player 1 new things 1 nftables 1 office 1 onboarding 1 one-time cron 1 onestep4red 1 online 1 online courses 1 online privacy 1 operating system 1 outage 1 package manager 1 paper clips 1 paradox of the fulfilled dream 1 parenting 1 parents 1 parted 1 password 1 password change 1 password policy 1 password recovery 1 password security 1 passwords 1 pdf 1 penetration testing 1 perseverance 1 persistent memory 1 personal data 1 phishing 1 php 1 plagiarism detection 1 plague 1 player 1 poison 1 police 1 predictions 1 privilege escalation 1 processes 1 productivity 1 productivity tools 1 promissory notes 1 protection 1 ps 1 python 1 questions 1 radar 1 raspberry pi 5 1 real-time AI 1 red 1 relax 1 relaxation 1 remote work 1 renewable energy sources 1 reportage 1 rest 1 risk 1 robotaxi 1 root 1 router 1 routing 1 runlevel 1 satellite data 1 satellite internet 1 science 1 scientific research 1 scraping 1 screen 1 screenshot 1 self-hosting 1 series 1 server 1 settings 1 shadow AI 1 show 1 skills 1 skydive 1 sleep 1 small big company 1 smart clothing 1 smartphone 1 smartphones 1 social engineering 1 society 1 software engineering 1 space 1 space technology 1 special forces 1 sport 1 sports 1 spreadsheet 1 sqlite 1 stale data 1 stalking 1 statistics 1 streaming 1 sub-millimeter sensor 1 success 1 symbolic link 1 syngrapha 1 sysctl 1 syslog 1 system acceleration 1 system diagnostics 1 system kernel 1 systemd 1 tablet 1 talk show 1 tcpdump 1 technical documentation 1 technology 2026 1 technology ethics 1 technology future 1 technology regulations 1 television 1 terrorism 1 testing 1 the world in numbers 1 theology and science 1 threats 1 time management 1 time travel 1 timelapse 1 tips 1 traditional photography 1 tutorials 1 two-factor authentication 1 ubuntu 1 udev 1 upbringing 1 updates 1 user interface 1 video conversion 1 violence in the military 1 viral 1 walking 1 walking meetings 1 water retention 1 weather forecasting 1 webmaster 1 wellbeing 1 wind energy 1 wind turbine optimization 1 windows automation 1 wireless network 1 word processing 1 work 1 work automation 1 world 1 world cup 2026 1 world wide web 1 you are a miracle 1 yum 1 zeitgeist 1

Blog archive

Table of contents