From c560f3ead7e66c2bd47bb9b6befbd1d1ab573de4 Mon Sep 17 00:00:00 2001 From: Donal Hurley Date: Thu, 27 Mar 2025 14:14:17 +0000 Subject: [PATCH 1/2] chore: add NGINX Agent v3.0 SELinux configuration guide --- .../agent/how-to/how-to-configure-selinux.md | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 content/agent/how-to/how-to-configure-selinux.md diff --git a/content/agent/how-to/how-to-configure-selinux.md b/content/agent/how-to/how-to-configure-selinux.md new file mode 100644 index 000000000..edabc3485 --- /dev/null +++ b/content/agent/how-to/how-to-configure-selinux.md 
@@ -0,0 +1,50 @@ +--- +title: Configure SELinux +weight: 600 +--- + +## Overview + +You can use the optional SELinux policy module included in the package to secure F5 NGINX Agent operations with flexible, mandatory access control that follows the principle of least privilege. + +{{< important >}}The SELinux policy module is optional. It is not loaded automatically during installation, even on SELinux-enabled systems. You must manually load the policy module using the steps below.{{< /important >}} + +--- + +## Before you begin + +Take these preparatory steps before configuring SELinux: + +1. Enable SELinux on your system. +2. Install the tools `load_policy`, `semodule`, and `restorecon`. +3. [Install NGINX Agent]({{< relref "/agent/install-upgrade/install.md" >}}) with SELinux module files in place. + +{{< important >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /important >}} + +--- + +## Enable SELinux for NGINX Agent {#selinux-agent} + +The following SELinux files are added when you install the NGINX Agent package: + +- `/usr/share/selinux/packages/nginx_agent.pp` - loadable binary policy module +- `/usr/share/selinux/devel/include/contrib/nginx_agent.if` - interface definitions file +- `/usr/share/man/man8/nginx_agent_selinux.8.gz` - policy man page + +To load the NGINX Agent policy, run: + +{{< include "installation/agent-selinux.md" >}} + +{{}}For more information, see [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/).{{}} + +--- + +## Recommended Resources + +- +- +- +- +- +- +- From 5bcca7331ece28eaff602b72d047b71656ad484c Mon Sep 17 00:00:00 2001 From: Donal Hurley Date: Thu, 27 Mar 2025 14:16:19 +0000 Subject: [PATCH 2/2] chore: add NGINX Agent v3.0 SELinux configuration guide --- content/agent/how-to/how-to-configure-selinux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/content/agent/how-to/how-to-configure-selinux.md b/content/agent/how-to/how-to-configure-selinux.md index edabc3485..e727ec246 100644 --- a/content/agent/how-to/how-to-configure-selinux.md +++ b/content/agent/how-to/how-to-configure-selinux.md @@ -17,7 +17,7 @@ Take these preparatory steps before configuring SELinux: 1. Enable SELinux on your system. 2. Install the tools `load_policy`, `semodule`, and `restorecon`. -3. [Install NGINX Agent]({{< relref "/agent/install-upgrade/install.md" >}}) with SELinux module files in place. +3. [Install NGINX Agent]({{< rel "/agent/install-upgrade/install.md" >}}) with SELinux module files in place. {{< important >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /important >}}
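Review bot: In patch 1/2, the `important` callout at the end of "Before you begin" tells the reader to verify whether SELinux is in `permissive` mode but does not say how, and the page never states which mode is required for the policy module to restrict NGINX Agent. In permissive mode the module only logs denials, so a reader can load it and assume confinement that is not in effect. Suggest naming the check (`getenforce` or `sestatus`) and stating the expected result. Separately, in the same hunk the shortcode around "For more information, see ..." appears as bare `{{}}` on both sides, and the "Recommended Resources" list has seven empty `-` items; fill these in or drop the section before merging.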
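Review bot: In patch 2/2, step 3 of "Before you begin" switches the link shortcode from `relref` to `rel`, but the commit subject is identical to patch 1/2 and gives no reason for the change. Hugo's built-in shortcodes for internal links are `ref` and `relref`, so please confirm that `rel` is defined by this site's theme; if it is not, the link to `/agent/install-upgrade/install.md` will fail at build time. Since this only amends a line added in 1/2, consider squashing it into that patch, or give it a subject that describes the fix.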