Update docs related to selinux (#411)

vishesh92 · web-flow · commit 2f554431b198 · 2024-10-01T12:45:27.000+05:30
* Update docs related to selinux

* Adress comments
diff --git a/source/developersguide/ansible.rst b/source/developersguide/ansible.rst
@@ -294,6 +294,10 @@ For the management server role we create a main.yml task like this:
 
 Save this as `/etc/ansible/roles/cloudstack-management/tasks/main.yml`
 
+.. note:: In a production environment, selinux should be set to enforcing
+   and the necessary selinux policies are created to allow the
+   services to run.
+
 Now we have some new elements to deal with. The Ansible Template module
 uses Jinja2 based templating.  As we’re doing a simplified example here,
 the Jinja Template for the cloudstack.repo won’t have any variables in
diff --git a/source/installguide/hypervisor/kvm.rst b/source/installguide/hypervisor/kvm.rst
@@ -529,6 +529,10 @@ ensure the Agent has all the required permissions.
 
          $ setenforce permissive
 
+.. note:: In a production environment, selinux should be set to enforcing
+   and the necessary selinux policies are created to allow the
+   services to run.
+
 #. Configure Apparmor (Ubuntu)
 
 
diff --git a/source/installguide/hypervisor/lxc.rst b/source/installguide/hypervisor/lxc.rst
@@ -319,6 +319,10 @@ ensure the Agent has all the required permissions.
 
          $ setenforce permissive
 
+.. note:: In a production environment, selinux should be set to enforcing
+   and the necessary selinux policies are created to allow the
+   services to run.
+
 #. Configure Apparmor (Ubuntu)
 
    #. Check to see whether AppArmor is installed on your machine. If
diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst
@@ -166,6 +166,10 @@ MySQL. See :ref:`install-database-on-separate-node`.
 
          setenforce permissive
 
+.. note:: In a production environment, selinux should be set to enforcing
+   and the necessary selinux policies are created to allow the
+   services to run.
+
 #. Set up the database.
 
    The cloudstack-setup-databases script is used for creating the cloudstack
diff --git a/source/quickinstallationguide/qig.rst b/source/quickinstallationguide/qig.rst
@@ -227,9 +227,10 @@ and ensure that it returns a FQDN response
 SELinux
 ^^^^^^^
 
-At the moment, for CloudStack to work properly SELinux must be set to 
-permissive or disabled. We want to both configure this for future boots and modify it in 
-the current running system.
+In an ideal environment, selinux should be set to enforcing and the necessary
+selinux policies are created to allow the services to run. For this guide,
+we will set selinux to permissive mode. This will allow us to install and
+configure the services without having to worry about selinux policies.
 
 To configure SELinux to be permissive in the running system we need to run the 
 following command:
