diff --git a/usr/libexec/security-misc/hide-hardware-info b/usr/libexec/security-misc/hide-hardware-info
index 59850ae..849e561 100755
--- a/usr/libexec/security-misc/hide-hardware-info
+++ b/usr/libexec/security-misc/hide-hardware-info
@@ -9,7 +9,7 @@ sysfs_whitelist=1
 cpuinfo_whitelist=1
 ## https://www.whonix.org/wiki/Security-misc#selinux
-selinux=1
+selinux=0
 shopt -s nullglob
@@ -87,10 +87,20 @@ done
 ## SELinux userspace utilities will not function
 ## properly
 if [ -d /sys/fs/selinux ]; then
- if [ "${selinux}" = "1" ]; then
- chmod o+rx /sys /sys/fs /sys/fs/selinux
- echo "INFO: SELinux mode enabled. Restrictions loosened slightly in order to allow userspace utilities to function."
- else
- echo "INFO: SELinux detected, but SELinux mode is not enabled. Some userspace utilities may not work properly."
- fi
+ if [ "${selinux}" = "1" ]; then
+ ## restrict permissions on everything but
+ ## what is needed
+ for i in /sys/* /sys/fs/*
+ do
+ if [ "${sysfs_whitelist}" = "1" ]; then
+ chmod o-rwx "${i}"
+ else
+ chmod og-rwx "${i}"
+ fi
+ done
+ chmod o+rx /sys /sys/fs /sys/fs/selinux
+ echo "INFO: SELinux mode enabled. Restrictions loosened slightly in order to allow userspace utilities to function."
+ else
+ echo "INFO: SELinux detected, but SELinux mode is not enabled. Some userspace utilities may not work properly."
+ fi
 fi
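Review bot: In the second hunk, the `else` arm of the new loop runs `chmod og-rwx "${i}"`, which strips group access from `/sys/fs` and `/sys/fs/selinux` as well, but the following `chmod o+rx /sys /sys/fs /sys/fs/selinux` restores only the `o` bits, so when `sysfs_whitelist` is not `1` these paths end up world-readable but not group-readable. If that asymmetry is unintended, the re-open should mirror the loop's mode, e.g. `chmod og+rx /sys /sys/fs /sys/fs/selinux` in the non-whitelist case, selected by the same `sysfs_whitelist` test. The `## restrict permissions on everything but what is needed` comment would also benefit from noting that `/sys/fs/*` includes `/sys/fs/selinux` itself, which the loop closes and the next `chmod` deliberately reopens, so a reader does not mistake the close-then-open pair for a bug. Note that with the first hunk flipping the default to `selinux=0`, this new loop only runs when an administrator opts in; the `done` in the hunk header belongs to a loop that starts outside the hunk.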