Requirements for OpenShift Data Foundation on SELinux
To use OpenShift Data Foundation, you must create an SELinux policy module and install it on all of the nodes that are hosting Db2 Warehouse.
Attention: This requirement applies only to Db2 Warehouse MPP deployments.
- Use the oc debug command to access a worker node where the instance is installed:

  ```
  oc debug node/<worker_node_name>
  ```

  To change to the host filesystem as root, use the following command:

  ```
  chroot /host
  ```

- Add the following code to the db2u-cephfs.te file and save the file to your desired location:

  ```
  module db2u-cephfs 1.0;

  require {
      type cephfs_t;
      type container_t;
      class fifo_file { create open read unlink write ioctl getattr setattr };
  }

  #============= container_t ==============
  allow container_t cephfs_t:fifo_file { create open read unlink write ioctl getattr setattr };
  ```

- Transform the db2u-cephfs.te file into the db2u-cephfs.mod module file:

  ```
  # checkmodule -M -m -o db2u-cephfs.mod db2u-cephfs.te
  ```

- Compile the module file db2u-cephfs.mod into the policy package file db2u-cephfs.pp:

  ```
  # semodule_package -o db2u-cephfs.pp -m db2u-cephfs.mod
  ```

- Install the policy package:

  ```
  # semodule -i db2u-cephfs.pp
  ```

- To confirm that the package was installed, you can run the following command:

  ```
  semodule -l
  ```

  The SELinux module db2u-cephfs should be shown.

Note: Only Step 4 is necessary to install the SELinux policy. You can perform the first three steps
on a single node and transfer the policy package file db2u-cephfs.pp to all of
the other nodes and install it.
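
Because the module has to be present on every node that hosts Db2 Warehouse, the confirmation step can be repeated across nodes. The following script is an added example, not part of the original procedure: it assumes `oc` is logged in with permission to start debug pods, takes worker node names as arguments, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: list the worker nodes on which the db2u-cephfs SELinux
# module is NOT installed. Node names are passed as arguments.
MODULE="db2u-cephfs"

# Reads `semodule -l` output on stdin and succeeds only if the module name is
# the exact first field of some line. Some policycoreutils versions print
# "name<TAB>version" and others only the name; a plain grep would also match
# a similarly named module such as "db2u-cephfs-old".
module_listed() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Prints the module listing of one node, using the same oc debug / chroot
# path as the procedure above. Informational messages are discarded.
node_modules() {
    oc debug "node/$1" -- chroot /host semodule -l 2>/dev/null
}

# Prints each node that lacks the module (or could not be queried) and
# returns non-zero if there is at least one such node.
missing_nodes() {
    missing_rc=0
    for missing_node in "$@"; do
        if ! node_modules "$missing_node" | module_listed "$MODULE"; then
            echo "$missing_node"
            missing_rc=1
        fi
    done
    return "$missing_rc"
}

# Run the check only when node names were supplied on the command line.
if [ "$#" -gt 0 ]; then
    missing_nodes "$@"
fi
```

A node that cannot be reached is reported as missing the module, so an empty result means every listed node was queried and has the module installed.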