Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 8. Enabling SELinux
After upgrading to Red Hat Gluster Storage 3.x, follow the steps mentioned here for SELinux support. These steps are not mandatory and are required only if SELinux support is required.
This procedure assumes that the selinux-policy-targeted, selinux-policy, libselinux, libselinux-python provided by the python3-libselinux package in Red Hat Enterprise Linux 8 (RHEL 8), libselinux-utils, policycoreutils, policycoreutils-python replaced by the policycoreutils-python-utils and python3-policycoreutils packages in RHEL8, setroubleshoot, setroubleshoot-server, setroubleshoot-plugins packages are installed. To verify that the packages are installed, use the following command:
rpm -q package_name
# rpm -q package_nameImportant
If the system was initially installed without SELinux, particularly the selinux-policy package, one additional step is necessary to enable SELinux. To make sure SELinux is initialized during system startup, the
dracut utility has to be run to put SELinux awareness into the initramfs file system. Failing to do so causes SELinux to not start during system startup.
- Before SELinux is enabled, each file on the file system must be labeled with an SELinux context. Before this happens, confined domains may be denied access, preventing your system from booting correctly. To prevent this, configure
SELINUX=permissivein/etc/selinux/config:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - As the Linux root user, reboot the system. During the next boot, file systems are labeled. The label process labels each file with an SELinux context:
*** Warning -- SELinux targeted policy relabel is required. *** Relabeling could take a very long time, depending on file *** system size and speed of hard drives. ****
*** Warning -- SELinux targeted policy relabel is required. *** Relabeling could take a very long time, depending on file *** system size and speed of hard drives. ****Copy to Clipboard Copied! Toggle word wrap Toggle overflow Each * (asterisk) character on the bottom line represents 1000 files that have been labeled. In the above example, four * characters represent 4000 files have been labeled. The time it takes to label all files depends on the number of files on the system and the speed of hard drives. On modern systems, this process can take as short as 10 minutes. - In permissive mode, the SELinux policy is not enforced, but denial messages are still logged for actions that would have been denied in enforcing mode. Before changing to enforcing mode, as the Linux root user, run the following command to confirm that SELinux did not deny actions during the last boot:
grep "SELinux is preventing" /var/log/messages
# grep "SELinux is preventing" /var/log/messagesCopy to Clipboard Copied! Toggle word wrap Toggle overflow If SELinux did not deny any actions during the last boot, this command returns no output. - If there were no denial messages in /var/log/messages, configure SELINUX=enforcing in /etc/selinux/config:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Reboot your system. After reboot, confirm that getenforce returns Enforcing
getenforce
~]$ getenforce EnforcingCopy to Clipboard Copied! Toggle word wrap Toggle overflow
For more information on changing SELINUX states and modes in REHL 7, refer to Permanent Changes in SELINUX States and Modes in the SELinux User's and Adminstrator's Guide
For more information on changing SELINUX states and modes in REHL 8, refer to Permanent Changes in SELINUX States and Modes in the Using SELinux
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}