Introduction
Security-Enhanced Linux (SELinux) is a security module integrated into the Linux kernel that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). By enforcing strict rules on how processes can interact with each other and the system, SELinux enhances the overall security of the system. This article will guide you how to enable or disable SELinux on FlashGrid environment.
SELinux operates in three main modes:
-
Enforcing: In this mode, SELinux enforces its policies, blocking actions that are not permitted by the security rules. This is the strictest and most secure mode.
-
Permissive: SELinux policies are loaded, but violations are only logged, not enforced. This mode is useful for troubleshooting without disrupting operations.
-
Disabled: SELinux is completely turned off, and no security policies are enforced or logged.
These modes help manage security policies and adjust system behavior based on requirements.
Note: to set enforcing
or permissive
mode the FlashGrid Launcher config file should be modified manually.
Prerequisites
- Oracle Linux 9
- Red Hat Enterprise Linux 9
Parameters
One of the following parameters can be added to the [nodes]
section of the FlashGrid Launcher config file:
selinux = 'disabled'
selinux = 'permissive'
selinux = 'enforcing'
Configuration
1. Modify the FlashGrid Launcher config file to set the corresponding parameter
2. Deploy the FlashGrid product
3. Reboot nodes with one of the applicable ways below to your environment:
Notes:
- If the parameter is not set in the FlashGrid Launcher config file, by default SELinux will be permissive and switched to disabled after reboot.
- After deployment, but before the first reboot:
- with parameter
selinux = 'disabled'
SELinux mode will bepermissive
. - with parameter
selinux = 'permissive'
SELinux mode will bepermissive
. - with parameter
selinux = 'enforcing'
SELinux mode will beenforcing
.
- with parameter
- After reboot the SELinux mode will be set to the selected value.