Selinux Disabled

Makrand · April 30, 2020, 5:11am

[root@mongo-cent ~]# sestatus
SELinux status: disabled
[root@mongo-cent ~]# getenforce
Disabled

This is on Centos 7 LXC.

Looks like selinux is disabled by default on all of the images. Any reason?
Just curious.

r3flow · December 19, 2024, 8:55am

I’m also interested in this (alma9 host, incus 6.4, alma9 container). How do I enable SELinux in the container? It’s enabled on the host.

The container:

# cat /etc/redhat-release 
AlmaLinux release 9.5 (Teal Serval)

# sestatus 
SELinux status:                 disabled

# getenforce 
Disabled

# cat /etc/sysconfig/selinux | grep ^SELINUX=
SELINUX=enforcing

Makrand · December 19, 2024, 9:07am

If you’re using the lxd then this is not the place to ask for support @r3flow

r3flow · December 19, 2024, 12:25pm

I use Incus 6.4 from the fedora/copr repo on almalinux 9.

stgraber · December 19, 2024, 3:24pm

That’s not a particularly easy process right now.
You’d need to:

Make sure that SELinux is enabled on the host
Use a block based storage type for your containers
Use block.mount_options as a way to pass the SELinux labels for the container filesystem

@mschiff has been doing a bunch of work related to that on Gentoo, you can find more details here Unable to add lxc rootfs mount options (context=)