diff --git a/etc/hide-hardware-info.d/30_default.conf b/etc/hide-hardware-info.d/30_default.conf
index 88344bc..2b01ffe 100644
--- a/etc/hide-hardware-info.d/30_default.conf
+++ b/etc/hide-hardware-info.d/30_default.conf
@@ -8,4 +8,5 @@
 #cpuinfo_whitelist=0
 ## Disable selinux mode.
+## https://www.whonix.org/wiki/Security-misc#selinux
 #selinux=0
diff --git a/usr/lib/security-misc/hide-hardware-info b/usr/lib/security-misc/hide-hardware-info
index 78f3f9b..447f8d6 100755
--- a/usr/lib/security-misc/hide-hardware-info
+++ b/usr/lib/security-misc/hide-hardware-info
@@ -7,6 +7,8 @@ set -e
 sysfs_whitelist=1
 cpuinfo_whitelist=1
+
+## https://www.whonix.org/wiki/Security-misc#selinux
 selinux=1
 shopt -s nullglob
@@ -78,6 +80,8 @@ do
 fi
 done
+## https://www.whonix.org/wiki/Security-misc#selinux
+##
 ## on SELinux systems, at least /sys/fs/selinux
 ## must be visible to unprivileged users, else
 ## SELinux userspace utilities will not function
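Review bot: The comment `## Disable selinux mode.` in 30_default.conf can still be read as if `selinux=0` switched SELinux itself off, and the added wiki link does not say in place what the option controls. Judging from the comment in the last hunk of hide-hardware-info, the switch appears to decide only whether /sys/fs/selinux stays visible to unprivileged users, so I would say that next to the setting, e.g. `## selinux=0 stops this script from keeping /sys/fs/selinux visible; it does not disable SELinux itself.` An inline sentence also keeps the config self-explanatory if the wiki anchor ever moves. The script body continues outside these hunks, so the exact effect of the option should be confirmed there before wording the comment.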