mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
62 lines
1.6 KiB
Plaintext
62 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * nodes/nodes/nodes-nodes-managing.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nodes-nodes-working-setting-booleans_{context}"]
|
|
= Setting SELinux booleans
|
|
|
|
[role="_abstract"]
|
|
{product-title} allows you to enable and disable an SELinux boolean on a {op-system-first} node. The following procedure explains how to modify SELinux booleans on nodes using the Machine Config Operator (MCO). This procedure uses `container_manage_cgroup` as the example boolean. You can modify this value to whichever boolean you need.
|
|
|
|
.Prerequisites
|
|
|
|
* You have installed the {oc-first}.
|
|
|
|
.Procedure
|
|
|
|
. Create a new YAML file with a `MachineConfig` object, displayed in the following example:
|
|
+
|
|
[source, yaml]
|
|
----
|
|
apiVersion: machineconfiguration.openshift.io/v1
|
|
kind: MachineConfig
|
|
metadata:
|
|
labels:
|
|
machineconfiguration.openshift.io/role: worker
|
|
name: 99-worker-setsebool
|
|
spec:
|
|
config:
|
|
ignition:
|
|
version: 3.2.0
|
|
systemd:
|
|
units:
|
|
- contents: |
|
|
[Unit]
|
|
Description=Set SELinux booleans
|
|
Before=kubelet.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/sbin/setsebool container_manage_cgroup=on
|
|
RemainAfterExit=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target graphical.target
|
|
enabled: true
|
|
name: setsebool.service
|
|
#...
|
|
----
|
|
|
|
. Create the new `MachineConfig` object by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f 99-worker-setsebool.yaml
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
Applying any changes to the `MachineConfig` object causes all affected nodes to gracefully reboot after the change is applied.
|
|
====
|