SELinux Setup

If it is required by your organization's policy and you need to opt-in to using SELinux, you can follow these instructions to enable SELinux on your CloudBolt host.

Before You Begin

Take a VM snapshot of your CloudBolt host before making any operating system changes.

Enabling SELinux

Log in to your CloudBolt host and run the following command: getenforce. If this reports that SELinux is disabled, run the following command, then reboot the CloudBolt host:

Code
sed -i "s/SELINUX=.*$/SELINUX=permissive/g" /etc/selinux/config

This will tell the CloudBolt host to run in permissive SELinux mode upon reboot.

Permissive SELinux

To set SELinux back to Permissive mode, run the following commands on the CloudBolt host:

Code
setenforce permissive
sed -i "s/SELINUX=.*$/SELINUX=permissive/g" /etc/selinux/config

Enforcing SELinux

Information If SELinux was previously disabled, you will need to run the CloudBolt 9.4+ upgrader before setting SELinux from permissive to enforcing mode.
Warning Setting CloudBolt to SELinux’s enforcing mode without running the CloudBolt 9.4+ Upgrader may make your existing CloudBolt server inaccessible.
The CloudBolt Upgrader does not set up SELinux rules on hosts where SELinux is disabled. This can cause your CloudBolt server to get into an unreachable state if the CloudBolt has not set the proper SELinux rules in place.

If getenforce reports that SELinux is is permissive mode, run the following command to temporarily set the host in enforcing mode:

Code
setenforce enforcing

To permanently set the host in enforcing mode, run the following command and reboot the host:

Code
sed -i "s/SELINUX=.*$/SELINUX=enforcing/g" /etc/selinux/config

This will put the host in enforcing mode when it reboots.