docs: revert rancher-selinux changes in v2.10, v2.11, and v2.12

copilot-swe-agent[bot]
2026-05-28 11:28:55 +00:00
committed by GitHub
parent 3ba1cea2ae
commit 768c73c66c
3 changed files with 6 additions and 90 deletions
@@ -8,12 +8,6 @@ title: About rancher-selinux
To allow Rancher to work with SELinux, some functionality has to be manually enabled for the SELinux nodes. To help with that, Rancher provides an SELinux RPM.
:::tip Why SELinux?
By assigning a dedicated SELinux type to each container, we ensure that containers are limited to their minimal needs and cannot pivot to other resources if compromised.
:::
The `rancher-selinux` RPM contains a set of SELinux policies designed to grant the necessary privileges to various Rancher components running on Linux systems with SELinux enabled.
The `rancher-selinux` GitHub repository is [here.](https://github.com/rancher/rancher-selinux)
@@ -22,7 +16,7 @@ The `rancher-selinux` GitHub repository is [here.](https://github.com/rancher/ra
:::note Requirement:
The `rancher-selinux` RPM was tested with CentOS 7, 8, 9, and 10.
The rancher-selinux RPM was tested with CentOS 7, 8 and 9.
:::
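Review bot: The restored requirement line in this hunk drops the inline-code formatting on the package name ("The rancher-selinux RPM was tested with CentOS 7, 8 and 9."), while the line it replaces and the rest of the page write it as `rancher-selinux`. Keep the backticks so that only the distribution list changes: "The `rancher-selinux` RPM was tested with CentOS 7, 8 and 9."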
@@ -69,19 +63,6 @@ gpgkey=https://rpm.rancher.io/public.key
EOF
```
In order to use the RPM repository, on a CentOS 10 or RHEL 10 system, run the following bash snippet:
```
# cat << EOF > /etc/yum.repos.d/rancher.repo
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/10/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF
```
### 2. Installing the RPM
Install the RPM:
@@ -94,19 +75,10 @@ yum -y install rancher-selinux
:::note Requirement:
Logging v2 was tested with SELinux on RHEL/CentOS 7, 8, 9, and 10.
Logging v2 was tested with SELinux on RHEL/CentOS 7, 8 and 9.
:::
Applications do not automatically work once the `rancher-selinux` RPM is installed on the host. They need to be configured to run in an allowed SELinux container domain provided by the RPM.
To configure the `rancher-logging` chart to be SELinux aware, change `global.seLinux.enabled` to true in the `values.yaml` when installing the chart.
## Rancher AI SELinux Policies
Starting with `rancher-selinux` v0.9, SELinux policies are included for Rancher AI components:
- **rancher-ai-agent** — runs under the `rancher_aiagent_container_t` SELinux domain
- **rancher-ai-mcp** — runs under the `rancher_aimcp_container_t` SELinux domain
These policies are supported on all platforms: EL9, EL10, Fedora 42, and MicroOS.
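Review bot: The "Rancher AI SELinux Policies" section removed at the end of this hunk is keyed to the RPM version ("Starting with `rancher-selinux` v0.9"), not to the Rancher docs version, and the install step shown in the hunk header is an unpinned `yum -y install rancher-selinux`. Please confirm which RPM version hosts on this release line actually receive, and state in the commit message why the `rancher_aiagent_container_t` and `rancher_aimcp_container_t` domains do not apply here; "revert" alone does not say.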
@@ -8,12 +8,6 @@ title: About rancher-selinux
To allow Rancher to work with SELinux, some functionality has to be manually enabled for the SELinux nodes. To help with that, Rancher provides an SELinux RPM.
:::tip Why SELinux?
By assigning a dedicated SELinux type to each container, we ensure that containers are limited to their minimal needs and cannot pivot to other resources if compromised.
:::
The `rancher-selinux` RPM contains a set of SELinux policies designed to grant the necessary privileges to various Rancher components running on Linux systems with SELinux enabled.
The `rancher-selinux` GitHub repository is [here.](https://github.com/rancher/rancher-selinux)
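Review bot: The "Why SELinux?" tip deleted in this hunk is not tied to EL10 or to the Rancher AI policies; it gives the general rationale that a dedicated SELinux type per container limits what a compromised container can reach. If the revert is only about platform and version support, consider keeping the tip, or say in the commit message why it is removed along with the rest.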
@@ -22,7 +16,7 @@ The `rancher-selinux` GitHub repository is [here.](https://github.com/rancher/ra
:::note Requirement:
The `rancher-selinux` RPM was tested with CentOS 7, 8, 9, and 10.
The rancher-selinux RPM was tested with CentOS 7, 8 and 9.
:::
@@ -69,19 +63,6 @@ gpgkey=https://rpm.rancher.io/public.key
EOF
```
In order to use the RPM repository, on a CentOS 10 or RHEL 10 system, run the following bash snippet:
```
# cat << EOF > /etc/yum.repos.d/rancher.repo
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/10/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF
```
### 2. Installing the RPM
Install the RPM:
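Review bot: Deleting the CentOS 10 / RHEL 10 repository snippet in this hunk leaves the page silent on EL10 instead of saying it is not covered for this version. The tested-platform notes in this file now list 7, 8 and 9 only, so a one-line statement that EL10 is untested here would be clearer than omission and would discourage readers from hand-editing the `baseurl` path of the remaining snippet.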
@@ -94,19 +75,10 @@ yum -y install rancher-selinux
:::note Requirement:
Logging v2 was tested with SELinux on RHEL/CentOS 7, 8, 9, and 10.
Logging v2 was tested with SELinux on RHEL/CentOS 7, 8 and 9.
:::
Applications do not automatically work once the `rancher-selinux` RPM is installed on the host. They need to be configured to run in an allowed SELinux container domain provided by the RPM.
To configure the `rancher-logging` chart to be SELinux aware, change `global.seLinux.enabled` to true in the `values.yaml` when installing the chart.
## Rancher AI SELinux Policies
Starting with `rancher-selinux` v0.9, SELinux policies are included for Rancher AI components:
- **rancher-ai-agent** — runs under the `rancher_aiagent_container_t` SELinux domain
- **rancher-ai-mcp** — runs under the `rancher_aimcp_container_t` SELinux domain
These policies are supported on all platforms: EL9, EL10, Fedora 42, and MicroOS.
@@ -8,12 +8,6 @@ title: About rancher-selinux
To allow Rancher to work with SELinux, some functionality has to be manually enabled for the SELinux nodes. To help with that, Rancher provides an SELinux RPM.
:::tip Why SELinux?
By assigning a dedicated SELinux type to each container, we ensure that containers are limited to their minimal needs and cannot pivot to other resources if compromised.
:::
The `rancher-selinux` RPM contains a set of SELinux policies designed to grant the necessary privileges to various Rancher components running on Linux systems with SELinux enabled.
The `rancher-selinux` GitHub repository is [here.](https://github.com/rancher/rancher-selinux)
@@ -22,7 +16,7 @@ The `rancher-selinux` GitHub repository is [here.](https://github.com/rancher/ra
:::note Requirement:
The `rancher-selinux` RPM was tested on openSUSE MicroOS, Fedora 42, and RHEL-based distributions including CentOS/RockyLinux 8, 9, and 10.
The `rancher-selinux` RPM was tested on openSUSE Tumbleweed and RHEL-based distributions including Centos/RockyLinux 8 and 9.
:::
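Review bot: The restored line in this hunk spells the distribution "Centos" ("including Centos/RockyLinux 8 and 9"), where the line it replaces uses "CentOS"; please fix the capitalisation while touching it. The same edit also swaps openSUSE MicroOS for openSUSE Tumbleweed and drops Fedora 42, which goes beyond removing EL10 and is worth a sentence in the commit message.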
@@ -56,19 +50,6 @@ gpgkey=https://rpm.rancher.io/public.key
EOF
```
In order to use the RPM repository, on a CentOS 10 or RHEL 10 system, run the following bash snippet:
```
# cat << EOF > /etc/yum.repos.d/rancher.repo
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/10/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF
```
### 2. Installing the RPM
Install the RPM:
@@ -81,19 +62,10 @@ yum -y install rancher-selinux
:::note Requirement:
Logging v2 and Monitoring v2 were tested with SELinux on RHEL/CentOS 8, 9, 10, and Tumbleweed.
Logging v2 and Monitoring v2 were tested with SELinux on RHEL/CentOS 8, 9, and Tumbleweed.
:::
Applications do not automatically work once the `rancher-selinux` RPM is installed on the host. They need to be configured to run in an allowed SELinux container domain provided by the RPM.
To configure the `rancher-logging` or the `rancher-monitoring` chart to be SELinux aware, change `global.seLinux.enabled` to true in the `values.yaml` when installing the charts.
## Rancher AI SELinux Policies
Starting with `rancher-selinux` v0.9, SELinux policies are included for Rancher AI components:
- **rancher-ai-agent** — runs under the `rancher_aiagent_container_t` SELinux domain
- **rancher-ai-mcp** — runs under the `rancher_aimcp_container_t` SELinux domain
These policies are supported on all platforms: EL9, EL10, Fedora 42, and MicroOS.
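Review bot: The restored requirement line in this hunk, "RHEL/CentOS 8, 9, and Tumbleweed", reads as though Tumbleweed were a RHEL/CentOS release. Suggest "RHEL/CentOS 8 and 9, and openSUSE Tumbleweed", which also matches the "openSUSE Tumbleweed" wording of the RPM requirement note earlier in this file.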