Skip to main content
Version: v2.10

About rancher-selinux

To allow Rancher to work with SELinux, some functionality has to be manually enabled for the SELinux nodes. To help with that, Rancher provides a SELinux RPM.

The rancher-selinux RPM only contains policies for the rancher-logging application.

The rancher-selinux GitHub repository is here.

Installing the rancher-selinux RPM

Requirement:

The rancher-selinux RPM was tested with CentOS 7, 8 and 9.

1. Set up the yum repo

Set up the yum repo to install rancher-selinux directly on all hosts in the cluster.

In order to use the RPM repository, on a CentOS 7 or RHEL 7 system, run the following bash snippet:

# cat << EOF > /etc/yum.repos.d/rancher.repo 
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/7/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF

In order to use the RPM repository, on a CentOS 8 or RHEL 8 system, run the following bash snippet:

# cat << EOF > /etc/yum.repos.d/rancher.repo 
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/8/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF

In order to use the RPM repository, on a CentOS 9 or RHEL 9 system, run the following bash snippet:

# cat << EOF > /etc/yum.repos.d/rancher.repo 
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/9/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF

2. Installing the RPM

Install the RPM:

yum -y install rancher-selinux

Configuring the Logging Application to Work with SELinux

Requirement:

Logging v2 was tested with SELinux on RHEL/CentOS 7, 8 and 9.

Applications do not automatically work once the rancher-selinux RPM is installed on the host. They need to be configured to run in an allowed SELinux container domain provided by the RPM.

To configure the rancher-logging chart to be SELinux aware, change global.seLinux.enabled to true in the values.yaml when installing the chart.