Dereckson: Created page with "Docker engines servers uses CentOS Stream (e.g. Dwellers) or Rocky (e.g. docker-002). == SELinux == States targeting RHEL machines need to apply the relevant SELinux context to '''each''' directory and file. For example, to apply the context `httpd_log_t` to `/var/log/www`: {% set has_selinux = salt['grains.get']('selinux:enabled', False) %} /var/log/www: file.directory: - user: {{ options["www_user"] }} - group..."

2023-05-30T23:35:01Z

Created page with "Docker engines servers uses CentOS Stream (e.g. Dwellers) or Rocky (e.g. docker-002). == SELinux == States targeting RHEL machines need to apply the relevant SELinux context to '''each''' directory and file. For example, to apply the context <code>httpd_log_t</code> to <code>/var/log/www</code>: {% set has_selinux = salt['grains.get']('selinux:enabled', False) %} /var/log/www: file.directory: - user: {{ options["www_user"] }} - group..."

New page

Docker engines servers uses CentOS Stream (e.g. Dwellers) or Rocky (e.g. docker-002).

== SELinux ==
States targeting RHEL machines need to apply the relevant SELinux context to '''each''' directory and file.

For example, to apply the context <code>httpd_log_t</code> to <code>/var/log/www</code>:

{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}

/var/log/www:
file.directory:
- user: {{ options["www_user"] }}
- group: web
- dir_mode: 711

{% if has_selinux %}
selinux_context_nginx_logs:
selinux.fcontext_policy_present:
- name: /var/log/www
- sel_type: httpd_log_t

selinux_context_nginx_logs_applied:
selinux.fcontext_policy_applied:
- name: /var/log/www
{% endif %}

You'll find examples in {{Ops file|roles/paas-docker/containers/}} files.

For booleans (sebool) or custom policies, you'll find examples in {{Ops file|roles/paas-docker/nginx/selinux.sls}}

Operations grimoire/RHEL - Revision history