Suggest SELinux enforcing config

rancher / elemental-toolkit

:snowflake: The toolkit to build, ship and maintain cloud-init driven Linux derivatives based on container images

https://rancher.github.io/elemental-toolkit/docs/

Apache License 2.0

288 stars 49 forks source link

Suggest SELinux enforcing config #2049

Closed anmazzotti closed 4 months ago

anmazzotti commented 4 months ago

Turns out that setting SELINUX=enforcing in /etc/selinux/config is ineffective if enforcing=0 is passed as kernel arg. The only way that I managed to successfully enforce SELinux is to do it through setenforce 1 at boot. setsebool secure_mode_policyload on can be also set to forbid further changes.

Not a great solution, but the only one that works today.

anmazzotti commented 4 months ago

Closing in favor of the better solution.