Cloudera Operational Database supports creating a database with SELinux enforcement using the Cloudera Operational Database CLI. To use SELinux support, you must have the CDP_SECURITY_ENFORCING_SELINUX entitlement. Please get in touch with Cloudera support if you do not have this entitlement.
SELinux lets you set access control through policies. You can set the SELinux mode when you create a new operational database by passing the seLinux parameter to the create-database command. The supported SELinux modes are:
- ENFORCING: Enables SELinux in enforced mode, actively applying security policies.
- PERMISSIVE (default): Sets SELinux to permissive mode, logging any security violations without enforcing policies.
If you do not define the seLinux parameter, PERMISSIVE mode is applied by default.
The following example shows the usage of the seLinux parameter.
opdb create-database --environment-name [***ENVIRONMENT_NAME***] --database-name [***DATABASE_NAME***] --security-request '{"seLinux": string}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "ENFORCING"}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "PERMISSIVE"}'
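Because an omitted seLinux parameter results in PERMISSIVE mode, which only logs violations, a provisioning script can be checked for create-database commands that would not end up in enforced mode. The following POSIX shell script is an added example, not Cloudera code; the function names, the UNRECOGNISED label, and the last two sample commands are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which SELinux mode each `opdb create-database`
# command line would request, based only on the behaviour described above.

# Prints ENFORCING or PERMISSIVE for one command line.
# Prints UNRECOGNISED and returns 2 for any other value (assumption: only
# the two spellings listed on the page are treated as valid here).
effective_selinux_mode() {
    case $1 in
        *'"seLinux"'*) ;;                       # key present, inspect it below
        *) echo PERMISSIVE; return 0 ;;         # key absent: documented default
    esac
    esm_value=$(printf '%s\n' "$1" |
        sed -n 's/.*"seLinux"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    case $esm_value in
        ENFORCING|PERMISSIVE) echo "$esm_value" ;;
        *) echo UNRECOGNISED; return 2 ;;
    esac
}

# Reads command lines on stdin, prints "<mode><TAB><command>" for each
# create-database call, and returns non-zero unless all request ENFORCING.
audit_commands() {
    audit_bad=0
    while IFS= read -r audit_line; do
        case $audit_line in
            *'opdb create-database'*) ;;
            *) continue ;;
        esac
        audit_mode=$(effective_selinux_mode "$audit_line") || true
        printf '%s\t%s\n' "$audit_mode" "$audit_line"
        [ "$audit_mode" = ENFORCING ] || audit_bad=$((audit_bad + 1))
    done
    [ "$audit_bad" -eq 0 ]
}

# Sample input: the first two lines are the page's examples; the last two
# (no --security-request, lowercase value) are constructed.
sample_commands() {
    cat <<'EOF'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "ENFORCING"}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "PERMISSIVE"}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "enforcing"}'
EOF
}

sample_commands | audit_commands ||
    echo "at least one command would not create an ENFORCING database"
```

How the CLI itself handles a value other than ENFORCING or PERMISSIVE is not stated on this page, so the script only flags such values for review.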
Doc references:
- Cloudera CLI documentation
SELinux support is available starting in COD v1.48, and you do not need to upgrade to a higher version of COD to benefit from this feature.