Requirements for Portworx on SELinux

To use Portworx storage, you must create an SELinux policy module and install it on all of the nodes that are hosting Db2 or Db2 Warehouse.

  1. Add the following code to the db2u-nfs.te file and save the file to your desired location:
    module db2u-nfs 1.0;

require {
  type nfs_t;
  type container_t;
  class fifo_file { create open read unlink write ioctl getattr setattr };
}
allow container_t nfs_t:fifo_file { create open read unlink write ioctl getattr setattr };
  2. Transform the db2u-nfs.te file into the db2u-nfs.mod module file:
    # checkmodule -M -m -o db2u-nfs.mod db2u-nfs.te
  3. Compile the module file db2u-nfs.mod into the policy package file db2u-nfs.pp:
    # semodule_package -o db2u-nfs.pp -m db2u-nfs.mod
  4. Install the policy package:
    # semodule -i db2u-nfs.pp
  5. To confirm that the package was installed, you can run the following command:
    semodule -l

    The SE Linux module db2u-nfs should be shown.

Note: Only Step 4 is necessary to install the SELinux policy. You can perform the first three steps on a single node and transfer the policy package file db2u-nfs.pp to all of the other nodes and install it.