SELinux-enabled Images

Warewulf supports booting SELinux-enabled images, though nodes using SELinux must be configured to use tmpfs for their image file system. (The default initramfs root does not support extended file attributes, which are required for SELinux context labeling.)

wwctl profile set default --root tmpfs

Note

Versions of Warewulf prior to v4.5.8 also required a kernel argument “rootfstype=ramfs” in order for wwinit to copy the image to tmpfs; but this is no longer required.

Once that is done, enable SELinux in /etc/sysconfig/selinux and install the appropriate packages in the image. An example of such an image is available in the warewulf-node-images repository.

SELinux requires extended attributes, which aren’t supported on a default initramfs root. Nodes using SELinux should specify --root=tmpfs.