Requirements for OpenShift Container Storage on SELinux

To use OpenShift® Container Storage, you must create an SELinux policy module and install it on all of the nodes that are hosting Db2® Warehouse.

  1. Add the following code to the db2u-cephfs.te file and save the file to your desired location:
    module db2u-cephfs 1.0;

    require {
        type cephfs_t;
        type container_t;
        class fifo_file { create open read unlink write ioctl getattr setattr };
    }

    #============= container_t ==============
    allow container_t cephfs_t:fifo_file { create open read unlink write ioctl getattr setattr };
  2. Transform the db2u-cephfs.te file into the db2u-cephfs.mod module file:
    # checkmodule -M -m -o db2u-cephfs.mod db2u-cephfs.te
  3. Compile the module file db2u-cephfs.mod into the policy package file db2u-cephfs.pp:
    # semodule_package -o db2u-cephfs.pp db2u-cephfs.mod
  4. Install the policy package:
    # semodule -i db2u-cephfs.pp
  5. To confirm that the package was installed, you can run the following command:
    # semodule -l

    The SELinux module db2u-cephfs should appear in the output.

Note: Only step 4 is necessary to install the SELinux policy on a node. You can perform the first three steps on a single node, transfer the policy package file db2u-cephfs.pp to all of the other nodes, and install it there.
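
The build-once, install-everywhere split described in the note can be scripted as follows. This is an added example, not part of the original procedure or IBM's code: the function names and the `build`/`install` arguments are hypothetical, and it assumes it is run as root with db2u-cephfs.te (or the copied db2u-cephfs.pp) in the current directory. The check matches the module name exactly, so a similarly named module such as db2u-nfs is not mistaken for it.

```shell
#!/bin/sh
# Added example: build db2u-cephfs.pp on one node, install and verify on every node.
MODULE=db2u-cephfs

# Reads `semodule -l` output on stdin and succeeds only if the first field of
# some line is exactly the module name. Some releases print a version column
# after the name, so compare the first field instead of grepping for a substring.
module_listed() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Steps 2 and 3: run on a single node.
build_pp() {
    checkmodule -M -m -o "$MODULE.mod" "$MODULE.te" &&
        semodule_package -o "$MODULE.pp" "$MODULE.mod"
}

# Steps 4 and 5: run on every node that hosts Db2 Warehouse.
# Skips the install when the module is already loaded and fails if the
# module is still missing from `semodule -l` after the install.
install_pp() {
    if semodule -l | module_listed "$MODULE"; then
        echo "$MODULE is already installed"
        return 0
    fi
    semodule -i "$MODULE.pp" || return 1
    if semodule -l | module_listed "$MODULE"; then
        echo "$MODULE installed"
    else
        echo "$MODULE is not listed after install" >&2
        return 1
    fi
}

case "${1:-}" in
    build)   build_pp ;;
    install) install_pp ;;
esac
```

Run it with `build` on one node, copy db2u-cephfs.pp to the other nodes, and run it with `install` on each of them.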