Operations grimoire/RHEL

Docker engines servers uses CentOS Stream (e.g. Dwellers) or Rocky (e.g. docker-002).

SELinux

States targeting RHEL machines need to apply the relevant SELinux context to each directory and file.

For example, to apply the context httpd_log_t to /var/log/www:

   {% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
   
   /var/log/www:
     file.directory:
       - user: {{ options["www_user"] }}
       - group: web
       - dir_mode: 711
   
  {% if has_selinux %}
   selinux_context_nginx_logs:
     selinux.fcontext_policy_present:
       - name: /var/log/www
       - sel_type: httpd_log_t
   
   selinux_context_nginx_logs_applied:
     selinux.fcontext_policy_applied:
       - name: /var/log/www
   {% endif %}

You'll find examples in rOPS: roles/paas-docker/containers/ files.

For booleans (sebool) or custom policies, you'll find examples in rOPS: roles/paas-docker/nginx/selinux.sls

Anonymous

Search

Operations grimoire/RHEL

Namespaces

More

Page actions

SELinux

Navigation

Navigation

Wiki tools

Wiki tools

Anonymous

Search

Operations grimoire/RHEL

SELinux

Navigation

Wiki tools

Page tools