How Do I Enable SELinux of HCE?
SELinux is disabled by default on HCE. You can enable SELinux as needed.
Do not run the /etc/selinux/config command to enable SELinux. If you enable SELinux by running this command, login may fail.
Procedure
- Modify the configuration file.
EFl: Delete selinux=0 from /boot/efi/EFl/hce/grub.cfg.
BlOS: Delete selinux=0 from /boot/grub2/grub.cfg.
If selinux=0 cannot be found, ignore it.
- Run the touch /.autorelabel command.
The /.autorelabel file triggers the OS to relabel all files on the disk during startup. This process may take several minutes. After the relabel operation is complete, the OS automatically restarts for the operation to take effect and deletes the /.autorelabel file to ensure that the relabel operation will not be performed again.
- Open the configuration file /etc/selinux/config, set SELINUX to permissive, and run the reboot command to restart the OS.
Figure 1 Setting SELINUX=permissive
- Open the configuration file /etc/selinux/config, set SELINUX to enforcing, and run the reboot command to restart the OS.
Figure 2 Setting SELINUX=enforcing
- Run the getenforce command to check the SELinux status.
If Enforcing is displayed, SELinux is enabled.
Figure 3 Checking the SELinux status
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
