Commit ae6be75

BZ:1828609 - Adding section for setting SELinux booleans
1 parent c0b7f93 commit ae6be75

2 files changed

+57
-0
lines changed

Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
[id="nodes-nodes-working-setting-booleans"]
2+
3+
= Setting SELinux booleans
4+
5+
{product-title} allows you to enable and disable an SELinux boolean on a {op-system-first} node. The following procedure explains how to modify SELinux booleans on nodes using the Machine Config Operator (MCO). This procedure uses `container_manage_cgroup` as the example boolean. You can modify this value to whichever boolean you need.
6+
7+
.Prerequisites
8+
9+
* You have installed the OpenShift CLI (oc).
10+
11+
.Procedure
12+
13+
. Create a new YAML file with a `MachineConfig` object, displayed in the following example:
14+
+
15+
[source, yaml]
16+
----
17+
apiVersion: machineconfiguration.openshift.io/v1
18+
kind: MachineConfig
19+
metadata:
20+
labels:
21+
machineconfiguration.openshift.io/role: worker
22+
name: 99-worker-setsebool
23+
spec:
24+
config:
25+
ignition:
26+
version: 2.2.0
27+
systemd:
28+
units:
29+
- contents: |
30+
[Unit]
31+
Description=Set SELinux booleans
32+
Before=kubelet.service
33+
34+
[Service]
35+
Type=oneshot
36+
ExecStart=/sbin/setsebool container_manage_cgroup=on
37+
RemainAfterExit=true
38+
39+
[Install]
40+
WantedBy=multi-user.target graphical.target
41+
enabled: true
42+
name: setsebool.service
43+
----
44+
+
45+
46+
. Create the new `MachineConfig` object by running the following command:
47+
+
48+
[source,terminal]
49+
----
50+
$ oc create -f 99-worker-setsebool.yaml
51+
----
52+
53+
[NOTE]
54+
====
55+
Applying any changes to the `MachineConfig` object causes all affected nodes to gracefully reboot after the change is applied.
56+
====
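Review bot: The procedure ends at `oc create -f 99-worker-setsebool.yaml` (line 50) with no verification step, so a reader cannot confirm that `setsebool.service` ran or that the boolean is on once the nodes have rebooted as the NOTE describes. Add a final step that checks the value on a worker node, for example with `getsebool container_manage_cgroup`. It is also worth stating that `ExecStart=/sbin/setsebool container_manage_cgroup=on` (line 36) omits `-P`, so the value is not persisted and is only reapplied by this unit at each boot; that tells the reader what removing the `MachineConfig` does. The sentence "You can modify this value to whichever boolean you need" (line 5) would benefit from noting that the change applies to every node carrying the `machineconfiguration.openshift.io/role: worker` label. Two style points: the `+` at line 44 is followed by a blank line and has no block to attach, and `[source, yaml]` (line 15) and `[source,terminal]` (line 48) differ in spacing.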

nodes/nodes/nodes-nodes-working.adoc

Lines changed: 1 addition & 0 deletions
@@ -28,6 +28,7 @@ include::modules/nodes-nodes-working-master-schedulable.adoc[leveloffset=+1]
2828
include::modules/nodes-nodes-working-deleting.adoc[leveloffset=+2]
2929
include::modules/nodes-nodes-working-deleting-bare-metal.adoc[leveloffset=+2]
3030

31+
include::modules/nodes-nodes-working-setting-booleans.adoc[leveloffset=+1]
3132
include::modules/nodes-nodes-kernel-arguments.adoc[leveloffset=+1]
3233
ifdef::openshift-webscale[]
3334
include::modules/nodes-nodes-rtkernel-arguments.adoc[leveloffset=+1]
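Review bot: The include added at line 31 sits directly against the `nodes-nodes-kernel-arguments.adoc` include on line 32 with no blank line between them, and the new module ends on a closing `====` delimiter (line 56 of the module). Put a blank line after the new `include::` so the end of one module cannot run into the first line of the next if the file lacks a trailing newline.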
