Configure SELinux with Swarm

This procedure describes how to configure SELinux on a machine on which Cyberwatch is deployed. Only CentOS and Red Hat Enterprise Linux operating systems are supported.

  1. Ensure that Cyberwatch is deployed and functional.

  2. Enable SELinux on the machine.

    Set the SELINUX variable to enforcing in the file /etc/selinux/config:

    -SELINUX=disabled
    +SELINUX=enforcing
    

    Reboot the machine:

    sudo reboot
    

    Verify that SELinux is enabled:

    sestatus
    

    The output should contain:

    SELinux status:                 enabled
    Current mode:                   enforcing
    
  3. Install the container-selinux package:

    sudo yum install container-selinux
    
  4. Enable the container_manage_cgroup SELinux boolean (the -P flag writes the value to the policy so that it persists across reboots):

    sudo setsebool -P container_manage_cgroup 1
    
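  5. Add "selinux-enabled": true to the file /etc/docker/daemon.json (if the file already contains other settings, add the key to the existing JSON object instead of replacing the file):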

    +{
    +  "selinux-enabled": true
    +}
    
  6. Restart Docker:

    sudo systemctl restart docker
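
To confirm that every step of the procedure took effect, the checks below can be run after the Docker restart. This is an added example, not part of Cyberwatch's own tooling; the function names and the `--live` argument are hypothetical, and the live run assumes root privileges with `rpm`, `getsebool` and `docker` available on the host.

```shell
#!/bin/sh
# Added example: post-procedure checks. Paths and command output are passed
# in so that each check can also be exercised on constructed samples.

# Step 2: succeed only if every uncommented SELINUX= line says "enforcing".
selinux_config_enforcing() {
    modes=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*$/\1/p' "$1" | sort -u)
    [ "$modes" = "enforcing" ]
}

# Step 2: read sestatus output on stdin; require enabled AND enforcing.
sestatus_enforcing() {
    awk -F': *' '
        $1 == "SELinux status" && $2 == "enabled"   { s = 1 }
        $1 == "Current mode"   && $2 == "enforcing" { m = 1 }
        END { exit !(s && m) }'
}

# Step 4: read getsebool output on stdin; require the boolean to be on.
boolean_on() {
    grep -q '^container_manage_cgroup --> on$'
}

# Step 5: require a JSON boolean true (a quoted "true" string does not match).
docker_selinux_enabled() {
    tr -d '[:space:]' < "$1" | grep -q '"selinux-enabled":true'
}

# Run all checks against the live host and report each failure.
verify_host() {
    rc=0
    selinux_config_enforcing /etc/selinux/config || { echo "FAIL: /etc/selinux/config"; rc=1; }
    sestatus | sestatus_enforcing || { echo "FAIL: SELinux not enforcing"; rc=1; }
    rpm -q container-selinux >/dev/null || { echo "FAIL: container-selinux not installed"; rc=1; }
    getsebool container_manage_cgroup | boolean_on || { echo "FAIL: container_manage_cgroup off"; rc=1; }
    docker_selinux_enabled /etc/docker/daemon.json || { echo "FAIL: daemon.json"; rc=1; }
    # Step 6: the restarted daemon lists name=selinux among its security options.
    docker info --format '{{.SecurityOptions}}' | grep -q 'name=selinux' \
        || { echo "FAIL: Docker daemon running without SELinux support"; rc=1; }
    return $rc
}

# Only touch the host when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    verify_host && echo "All SELinux checks passed"
fi
```

The last check matters most: a correct daemon.json has no effect until Docker has been restarted, and only `docker info` shows what the running daemon actually applied.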