diff --git a/README.md b/README.md index 848a8d21b..12df402ce 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ The command line tool isn't required, but it sure makes things a lot easier. The #### 1. Homebrew - MacOS -If you're on a Mac and use [Homebrew](https://brew.sh/), this one is for you: +If you're on a Mac and use [Homebrew](https://brew.sh/), this one is for you: ```sh brew install fn @@ -62,7 +62,8 @@ fn start This will start Fn in single server mode, using an embedded database and message queue. You can find all the configuration options [here](docs/operating/options.md). If you are on Windows, check [here](docs/operating/windows.md). - +If you are on a Linux system where the SELinux security policy is set to "Enforcing", such as OEL7.x, check +[here](docs/operating/selinux.md). ### Your First Function diff --git a/docs/operating/options.md b/docs/operating/options.md index 5ddd1c307..e92bc37d6 100644 --- a/docs/operating/options.md +++ b/docs/operating/options.md @@ -2,7 +2,7 @@ ## Default run command for production -This will run with docker in docker. +This will run with docker in docker. ```sh docker run --privileged --rm --name fns -it -v $PWD/data:/app/data -p 80:8080 fnproject/fnserver @@ -50,6 +50,10 @@ One way is to mount the host Docker. Everything is essentially the same except y docker run --rm --name functions -it -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/data:/app/data -p 8080:8080 fnproject/fnserver ``` +On Linux systems where SELinux is enabled and set to "Enforcing", SELinux will stop the container from accessing +the host docker and the local directory mounted as a volume, so this method cannot be used unless security restrictions +are disabled. + ### Run outside Docker You can of course just run the binary directly, you'll just have to change how you set the environment variables above. diff --git a/docs/operating/selinux.md b/docs/operating/selinux.md new file mode 100644 index 000000000..02295c1fe --- /dev/null 
+++ b/docs/operating/selinux.md @@ -0,0 +1,20 @@ +# Running on SELinux systems + +Systems such as OEL 7.x where SELinux is enabled and the security policies are set to "Enforcing" will restrict Fn from +running containers and mounting volumes. + +For local development, you can relax SELinux constraints by running this command in a root shell: + +```sh +setenforce permissive +``` + +Then you will be able to run `fn start` as normal. + +Alternatively, use the docker-in-docker deployment that a production system would use: + +```sh +docker run --privileged --rm --name fns -it -v $PWD/data:/app/data -p 8080:8080 fnproject/functions +``` + +Check the [operating options](options.md) for further details about this.
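Review bot: In the README.md hunk at @@ -62,7 +62,8, the added sentence calls "Enforcing" a security policy, but it is the SELinux mode, and it writes "OEL7.x" where the new docs/operating/selinux.md writes "OEL 7.x". Suggest wording such as "If you are on a Linux system where SELinux is in enforcing mode, such as OEL 7.x, see [Running on SELinux systems](docs/operating/selinux.md)." so the link text also says where it leads instead of "here".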
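Review bot: In the docs/operating/options.md hunk at @@ -50,6 +50,10, "unless security restrictions are disabled" does not say which restrictions or how to change them, and it reads as advice to turn SELinux off on the host. Link to the selinux.md page added in this patch and name the step it documents (`setenforce permissive`). Consider documenting container-scoped options before the host-wide one: Docker's `:z` / `:Z` volume suffixes relabel the `$PWD/data` bind mount, and `--security-opt label=disable` drops SELinux label confinement for this one container only, which should be tested against the `/var/run/docker.sock` mount before it goes into the docs.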
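Review bot: In the new docs/operating/selinux.md, `setenforce permissive` is offered for local development without saying that it takes the whole host out of enforcing mode, for every service and not only Fn, and there is no line on restoring it. State that scope, add the revert (`setenforce enforcing`), and mention that the change does not persist across a reboot. The docker-in-docker alternative is also inconsistent with the production command in options.md in this same patch: it uses `fnproject/functions` and `-p 8080:8080` where options.md has `fnproject/fnserver` and `-p 80:8080`, so align the image name and port or explain the difference. Since that command still mounts `$PWD/data`, which the options.md paragraph says SELinux blocks, say why it works here (`--privileged`) and that `--privileged` gives the container broad access to the host.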