SELinux allows you to set access control through policies. You can set the SELinux mode while creating a new operational database. You can configure the SELinux enforcement for your Cloudera Operational Database using the Cloudera Operational Database UI or CDP CLI.
This feature is under technical preview. To use this feature, you must have the CDP_SECURITY_ENFORCING_SELINUX entitlement in your Cloudera environment and the minimum runtime version of 7.2.18.700 or 7.3.1.100. Contact Cloudera support if you do not have this entitlement.
Using the CDP CLI:
You can define the SELinux mode using the seLinux parameter in the create-database command. The supported SELinux modes are:
- ENFORCING: Enables SELinux in enforced mode, actively applying security policies.
- PERMISSIVE (default): Sets SELinux to permissive mode, logging any security violations without enforcing policies.
If you do not define the seLinux parameter, by default, the PERMISSIVE mode is applied.
The following example shows usage of the seLinux parameter.
opdb create-database --environment-name [***ENVIRONMENT_NAME***] --database-name [***DATABASE_NAME***] --security-request '{"seLinux": string}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "ENFORCING"}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "PERMISSIVE"}'For more information, see CDP CLI documentation and Setting SELinux Mode.
Using the Cloudera Operational Database UI:
In the Cloudera Operational Database UI, go to Create Database > Settings > Advanced > SELinux to configure the SELinux enforcement.
You can configure the SELinux option as Permissive or Enforcing.
This feature is available starting in COD v1.50, and you do not need to upgrade to a higher version of Cloudera Operational Database to benefit from it.
Take a tour of the Cloudera Operational Database product, Product Tour.
