Configure SELinux with Swarm

This procedure describes how to configure SELinux on a machine on which Cyberwatch is deployed. Only CentOS and Red Hat Enterprise Linux operating systems are supported.

  1. Ensure that Cyberwatch is deployed and functional

  2. Enable SELinux on the machine:

    Set the SELINUX variable to enforcing in file /etc/selinux/config:

    -SELINUX=disabled
+SELINUX=enforcing

    Reboot the machine:

    sudo reboot

    Verify that SELinux is enabled:

    sestatus

    The output should contain:

    SELinux status:                 enabled
Current mode:                   enforcing

  3. Install package container-selinux:

    sudo yum install container-selinux

  4. Enable container_manage_cgroup SELinux boolean:

    sudo setsebool container_manage_cgroup 1

  5. Add "selinux-enabled": true in file /etc/docker/daemon.json:

    +{
+  "selinux-enabled": true
+}

  6. Restart Docker:

    sudo systemctl restart docker

Back to top