diff --git a/README.md b/README.md index 24e8f12..28aafcd 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,13 @@ unicorn['port'] = 3456 For Nginx port changes please see the section on enabling HTTPS below. +#### Git SSH access stops working on SELinux-enabled systems + +On SELinux-enabled systems the git user's `.ssh` directory or its contents can +get their security context messed up. You can fix this by running `sudo +gitlab-ctl reconfigure`, which will run a `chcon --recursive` command on +`/var/opt/gitlab/.ssh`. + #### Reconfigure fails to create the git user This can happen if you run `sudo gitlab-ctl reconfigure` as the git user. @@ -486,6 +493,17 @@ Omnibus-gitlab uses four different directories. - `/var/log/gitlab` contains all log data generated by components of omnibus-gitlab. +## Omnibus-gitlab and SELinux + +Although omnibus-gitlab runs on systems that have SELinux enabled, it does not +use SELinux confinement features: +- omnibus-gitlab creates unconfined system users; +- omnibus-gitlab services run in an unconfined context. + +The correct operation of Git access via SSH depends on the labeling of +`/var/opt/gitlab/.ssh`. If needed you can restore this labeling by running +`sudo gitlab-ctl reconfigure`. + ## Logs ### Tail logs in a console on the server -- libgit2 0.21.2
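Review bot: In the first hunk (the new "Git SSH access stops working on SELinux-enabled systems" entry), "can get their security context messed up" gives the reader nothing to confirm the diagnosis with, and the fix is described only as "a `chcon --recursive` command" without naming the type it applies. Suggest stating the expected label and a check such as `ls -Zd /var/opt/gitlab/.ssh`, so an administrator can tell a labeling problem apart from a key or permissions problem before running reconfigure. Also worth a sentence: labels set with `chcon` are not recorded in the file-context policy, so a `restorecon` run or a full filesystem relabel will revert them and `sudo gitlab-ctl reconfigure` has to be run again.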
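Review bot: In the second hunk (the new "Omnibus-gitlab and SELinux" section), the two bullets say users and services are unconfined but leave the consequence for the operator unstated. Suggest adding one sentence saying that SELinux policy therefore places no additional restrictions on omnibus-gitlab processes, so enabling SELinux on the host should not be counted as containment for GitLab itself. Two smaller points: the list begins on the line directly after "use SELinux confinement features:" with no blank line, which some Markdown renderers fold into the paragraph; and the last paragraph repeats the troubleshooting entry added in the first hunk, so a link to that entry would keep the two from drifting apart.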