During August 2025, Nick Kapron enhanced security in the torvalds/linux repository by implementing per-endpoint SELinux labeling for functionfs. He developed a mechanism in C that allows each functionfs endpoint to receive distinct SELinux labels, enabling granular access control and reducing the risk of privilege escalation. His approach introduced a userspace workflow for applying labels after endpoint creation, streamlining policy management and supporting scalable deployment. Leveraging expertise in SELinux, kernel development, and security, Nick’s work improved the kernel’s security posture and aligned with ongoing SELinux hardening efforts, providing a foundation for more robust endpoint policy auditing in future releases.