is a security enhancement to Linux.

Developed by Red Hat, it is an implementation of mandatory access controls (MAC) on Linux. Mandatory access controls allow an administrator of a system to define how applications and users can access different resources such as files, devices, networks and inter-process communication. SELinux also enhances security by making an OS restrictive by default.

After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8. To check whether SELinux is enabled and enforcing on your system, use :

We provide two RPMs (Red Hat packages) that enable Rancher products to function properly on SELinux-enforcing hosts: rancher-selinux and rke2-selinux.

• rke2-selinux

rancher-selinux

To allow Rancher to work with SELinux, some functionality has to be manually enabled for the SELinux nodes. To help with that, Rancher provides a SELinux RPM.

The rancher-selinux GitHub repository is

rke2-selinux

rke2-selinux provides policies for RKE2. It is installed automatically when the RKE2 installer script detects that it is running on an RPM-based distro.

The rke2-selinux GitHub repository is

For more information about installing RKE2 on SELinux-enabled hosts, see the RKE2 documentation.

Installing the rancher-selinux RPM

In order to use the RPM repository, on a CentOS 7 or RHEL 7 system, run the following bash snippet:

In order to use the RPM repository, on a CentOS 8 or RHEL 8 system, run the following bash snippet:

2. Installing the RPM

Install the RPM:

Configuring the Logging Application to Work with SELinux

Requirements: Logging v2 was tested with SELinux on RHEL/CentOS 7 and 8.

Applications do not automatically work once the rancher-selinux RPM is installed on the host. They need to be configured to run in an allowed SELinux container domain provided by the RPM.