These days, it seems like everybody is trying to make Android more secure. As usual, rooting and modding are often casualties of this effort. Just over a month ago Android 4.3 broke the existing model for root, forcing updates to existing methods, and now Samsung is rolling out updated Android 4.2.2 firmwares for the Galaxy S 4 which fully enable the company's heavily secured KNOX environment. Fortunately, Chainfire is already on top of it and has updated his popular root software, SuperSU, to be compatible with the new system.
Samsung has been charging full steam ahead on the movement towards corporate security. KNOX is the company's new secure enterprise solution which promises to make "Bring Your Own Device" policies more realistic in the workplace. The new Galaxy S 4 firmwares enable the security features of SELinux and set it to Enforcing mode, versus the formerly enabled Permissive mode which just logged "violations" without preventing them. This appears to be a first for Android, as SELinux has never been put into Enforcing mode on a consumer-level product.
The latest update to SuperSU adds compatibility with Samsung's KNOX / SELinux security restrictions such that root capabilities are still possible. If you are updating your S4 with Samsung's OTAs, you will have to re-root your device, which consequently installs the latest su binary. For anybody else, the updated binary isn't required, so the latest update to the Play Store version of SuperSU will not prompt to install the new binary. Chainfire has been careful to warn everybody that using Mobile ODIN or Triangle Away on KNOX-enabled firmware at this time is basically ensuring the quick demise of your phone, so don't do it.
There is possibly some generally bad news: some apps may not work properly as a result of new limits imposed by SELinux. There are already complaints that a number of root apps aren't functioning properly, and even several regular apps only work if they are reinstalled from scratch. This isn't a problem with SuperSU, but more likely related to changes in the security model employed by SELinux and how it handles stored settings and some app permissions. At this early stage, it's difficult to tell if this can be fixed by simply clearing app data, or actual adjustments to code are required to be more friendly with KNOX.
While the main focus of the SuperSU update was to support Samsung's first incarnation of the new security system, it also fixes problems related to OTA Survival for Android 4.3 users. This should make things a little easier when Google pushes out subsequent updates for our Nexus devices, and eventually the same happens from assorted OEMs.