public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-04 20:23:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8c8f8a5f2edec3d7f5abc321e7ca42e681919fdb
rancher-docs/versioned_docs/version-2.13/reference-guides/rancher-security/selinux-rpm/about-rancher-selinux.md
T
Andy Pitcher dae5fda314 doc(rancher-security): improve structure and content to latest, v2.13-preview and v2.12 (#2024) 
- add Rancher Kubernetes Distributions (K3s/RKE2) Self-Assessment and Hardening Guide section
- add kubernetes cluster security best practices link to rancher-security section
- add k3s-selinux and update selinux-rpm details
- remove rhel/centos 7 support

Signed-off-by: Andy Pitcher <andy.pitcher@suse.com>
2025-10-31 09:25:39 -07:00

72 lines
2.2 KiB
Markdown
Raw Blame History

---
title: About rancher-selinux
---
<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/reference-guides/rancher-security/selinux-rpm/about-rancher-selinux"/>
</head>
To allow Rancher to work with SELinux, some functionality has to be manually enabled for the SELinux nodes. To help with that, Rancher provides an SELinux RPM.
The `rancher-selinux` RPM contains a set of SELinux policies designed to grant the necessary privileges to various Rancher components running on Linux systems with SELinux enabled.
The `rancher-selinux` GitHub repository is [here.](https://github.com/rancher/rancher-selinux)
## Installing the rancher-selinux RPM
:::note Requirement:
The `rancher-selinux` RPM was tested on openSUSE Tumbleweed and RHEL-based distributions including Centos/RockyLinux 8 and 9.
:::
### 1. Set up the yum repo
Set up the yum repo to install `rancher-selinux` directly on all hosts in the cluster.
In order to use the RPM repository, on a CentOS 8 or RHEL 8 system, run the following bash snippet:
```
# cat << EOF > /etc/yum.repos.d/rancher.repo
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/8/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF
```
In order to use the RPM repository, on a CentOS 9 or RHEL 9 system, run the following bash snippet:
```
# cat << EOF > /etc/yum.repos.d/rancher.repo
[rancher]
name=Rancher
baseurl=https://rpm.rancher.io/rancher/production/centos/9/noarch
enabled=1
gpgcheck=1
gpgkey=https://rpm.rancher.io/public.key
EOF
```
### 2. Installing the RPM
Install the RPM:
```
yum -y install rancher-selinux
```
## Configuring the Logging and Monitoring Applications to Work with SELinux
:::note Requirement:
Logging v2 and Monitoring v2 were tested with SELinux on RHEL/CentOS 8, 9, and Tumbleweed.
:::
Applications do not automatically work once the `rancher-selinux` RPM is installed on the host. They need to be configured to run in an allowed SELinux container domain provided by the RPM.
To configure the `rancher-logging` or the `rancher-monitoring` chart to be SELinux aware, change `global.seLinux.enabled` to true in the `values.yaml` when installing the charts.
Reference in New Issue View Git Blame Copy Permalink