-
Language:
English
-
Language:
English
9.10.4. Configuring SELinux
Node hosts require a specific SELinux policy and context configuration to operate correctly. Run the following commands to set the required Boolean values:
# setsebool -P httpd_unified=on httpd_can_network_connect=on httpd_can_network_relay=on httpd_read_user_content=on httpd_enable_homedirs=on httpd_run_stickshift=on allow_polyinstantiation=onTable 9.6. Boolean Value Options
| Boolean Value | Purpose |
|---|---|
httpd_unified | Allow the node host to write files in the http file context. |
httpd_can_network_connect | Allow the node host to access the network. |
httpd_can_network_relay | Allow the node host to access the network. |
httpd_read_user_content | Allow the node host to read application data. |
httpd_enable_homedirs | Allow the node host to read application data. |
httpd_run_stickshift | Allow the node host to read application data. |
allow_polyinstantiation | Allow polyinstantiation for gear containment. |
Relabel a number of files with the correct SELinux contexts. Specify these contexts with:
#restorecon -rv /var/run#restorecon -rv /var/lib/openshift /etc/openshift/node.conf /etc/httpd/conf.d/openshift
Note
If you use the kickstart or bash script, the
configure_selinux_policy_on_node function performs these steps.
