Highlight SELinux enforcing mode in features

docs/index.md

@@ -13,7 +13,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 
 * Kubernetes v1.18.2 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
-* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing
 * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](cl/google-cloud/#preemption) workers, and [snippets](advanced/customization/#container-linux) customization
 * Ready for Ingress, Prometheus, Grafana, CSI, or other [addons](addons/overview/)
 
@@ -64,7 +64,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo
 
 ```tf
 module "yavin" {
-  source = "git::https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes?ref=v1.18.2"
+  source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.18.2"
 
   # Google Cloud
   cluster_name  = "yavin"

docs/topics/security.md

@@ -20,6 +20,9 @@ Typhoon aims to be minimal and secure. We're running it ourselves after all.
 
 * Container Linux auto-updates are enabled
 * Hosts limit logins to SSH key-based auth (user "core")
+* SELinux enforcing mode [^2]
+
+[^2]: SELinux is enforcing on Fedora CoreOS, permissive on Flatcar Linux.
 
 **Platform**