Show Table of Contents
9.10.4. Configuring SELinux
Node hosts require a specific SELinux policy and context configuration to operate correctly. Run the following commands to set the required Boolean values:
# setsebool -P httpd_unified=on httpd_can_network_connect=on httpd_can_network_relay=on httpd_read_user_content=on httpd_enable_homedirs=on httpd_run_stickshift=on allow_polyinstantiation=onTable 9.6. Boolean Value Options
| Boolean Value | Purpose |
|---|---|
httpd_unified | Allow the node host to write files in the http file context. |
httpd_can_network_connect | Allow the node host to access the network. |
httpd_can_network_relay | Allow the node host to access the network. |
httpd_read_user_content | Allow the node host to read application data. |
httpd_enable_homedirs | Allow the node host to read application data. |
httpd_run_stickshift | Allow the node host to read application data. |
allow_polyinstantiation | Allow polyinstantiation for gear containment. |
Relabel a number of files with the correct SELinux contexts. Specify these contexts with:
#restorecon -rv /var/run#restorecon -rv /var/lib/openshift /etc/openshift/node.conf /etc/httpd/conf.d/openshift
Note
If you use the kickstart or bash script, the
configure_selinux_policy_on_node function performs these steps.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.