This article describes how to change the default SELinux mode during FlashGrid Cluster/Server deployment.
Note: Managing systems with SELinux in enforcing mode requires strong SELinux skills to avoid disruptions.
Note: Enabling SELinux is supported on RHEL/OL 9 only and not supported on RHEL/OL 7/8.
Default Settings
The default SELinux mode after deployment is:
- on RHEL/OL 9 with FlashGrid Launcher version 26.03 or later, by default, SELinux is set to permissive mode.
- on RHEL/OL 9 with FlashGrid Launcher version 25.12 or earlier, by default, SELinux is disabled. (It is in permissive mode during software initialization and gets disabled after the first reboot.)
- on RHEL/OL 7/8 SELinux is disabled and enabling it is not supported.
Changing SELinux Mode via Launcher Configuration File
On RHEL/OL 9, you can select which SELinux mode will be configured during deployment by adding the selinux parameter with the corresponding value to the [nodes] section of the FlashGrid Launcher config file:
-
selinux = 'disabled'(will switch from permissive to disabled after first reboot) -
selinux = 'permissive'(default) selinux = 'enforcing'
Manually Switching to Enforcing Mode After Deployment
Deploying in permissive mode and later manually switching to enforcing mode is recommended if you need to install 3rd-party software and troubleshoot any possible SELinux violations first.
Manually switching from disabled to enforcing is also possible, but this path should be avoided if possible.
See instructions for manually switching to enforcing mode in Enabling SELinux in existing FlashGrid Cluster with RHEL/OL 9