Does RHV require SELinux enabled in enforcing mode?

Solution Verified - Updated 6 Aug 2024

Environment

Red Hat Virtualization 4.x

Issue

Does RHV require SELinux to be enabled and in enforcing mode?

Resolution

In RHV 4 enforced mode is required and disabling SELinux is not supported.

SELinux is in enforcing mode upon installation. Since RHV 4.0, SELinux is required to be in enforcing mode on all hypervisors and Managers for your Red Hat Virtualization environment to be supported by Red Hat. This is the way RHV is tested and running with SELinux disabled can lead to unexpected behavior of the system.

SELinux mode can be checked in the Hosts tab in the Administration Portal or by running the following command on each host and the manager:

# getenforce
enforcing

Note1: Besides being a good security practice, the advanced virtualization security functionality provided by RHV relies on SELinux. For more details, please see Best practices for securing virtual machines.

Note2: If there is any customization that fails to run because of selinux protection, open a support case to get assistance with the selinux setup to allow the customization to work. Do not disable SELinux.

SBR

Virtualization

Product(s)

Red Hat Virtualization

Components

rhev-hypervisor

Category

Learn more

Tags

rhev
selinux

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.