Requirements for OpenShift Container Storage on SELinux
To use OpenShift Container Storage, you must create an SELinux policy module and install it on all of the nodes that are hosting Db2.
1. Add the following code to the db2u-cephfs.te file and save the file to your desired location:

        module db2u-cephfs 1.0;

        require {
            type cephfs_t;
            type container_t;
            class fifo_file { create open read unlink write ioctl getattr setattr };
        }

        #============= container_t ==============
        allow container_t cephfs_t:fifo_file { create open read unlink write ioctl getattr setattr };

2. Transform the db2u-cephfs.te file into the db2u-cephfs.mod module file:

        # checkmodule -M -m -o db2u-cephfs.mod db2u-cephfs.te

3. Compile the module file db2u-cephfs.mod into the policy package file db2u-cephfs.pp:

        # semodule_package -o db2u-cephfs.pp db2u-cephfs.mod

4. Install the policy package:

        # semodule -i db2u-cephfs.pp

5. To confirm that the package was installed, you can run the following command:

        semodule -l

   The SELinux module db2u-cephfs should be shown.
Note: Only Step 4 is necessary to install the SELinux policy. You can perform the first three steps on a single node, transfer the policy package file db2u-cephfs.pp to all of the other nodes, and install it there.
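
When the policy package is built on one node and copied to the others, each receiving node can check the file before loading it into the kernel policy. The following script is an added example, not part of the original documentation: it verifies the transferred db2u-cephfs.pp against a SHA-256 value, runs Step 4, and then performs the Step 5 check. It assumes the checksum was recorded on the build node with `sha256sum db2u-cephfs.pp`; the script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify, install and confirm the db2u-cephfs policy package
# on a node that received it from the build node.
# Assumption: the expected SHA-256 was recorded on the build node with
# `sha256sum db2u-cephfs.pp` and delivered separately from the package.

MODULE=db2u-cephfs

# Succeeds when module $1 is listed by `semodule -l`. Only the first field
# is compared, so both "name" and "name<TAB>version" listings match, and a
# longer name such as db2u-cephfs2 does not.
module_installed() {
    semodule -l | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# install_policy PACKAGE EXPECTED_SHA256
# Returns 0 when installed, 2 when the file is missing, 3 on a checksum
# mismatch, 4 when `semodule -i` fails, 5 when the module is not listed.
install_policy() {
    pkg=$1
    expected=$2
    [ -f "$pkg" ] || { echo "missing package: $pkg" >&2; return 2; }
    actual=$(sha256sum "$pkg" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $pkg, not installing" >&2
        return 3
    fi
    semodule -i "$pkg" || return 4          # Step 4
    module_installed "$MODULE" || return 5  # Step 5
    echo "$MODULE installed"
}

# Hypothetical usage, as root:
#   sh install-db2u-cephfs.sh db2u-cephfs.pp <sha256>
if [ "$#" -eq 2 ]; then
    install_policy "$1" "$2"
fi
```

A nonzero exit status identifies which check failed, so the script can be run from whatever tooling distributes the package to the nodes.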