Update docs related to selinux

vishesh92 · vishesh92 · commit 97ea913cb95e · 2024-07-02T11:18:41.000+05:30
diff --git a/source/developersguide/ansible.rst b/source/developersguide/ansible.rst
@@ -294,6 +294,10 @@ For the management server role we create a main.yml task like this:
 
 Save this as `/etc/ansible/roles/cloudstack-management/tasks/main.yml`
 
+.. note:: In a production environment, selinux would be set to enforcing
+   and the necessary selinux policies would be created to allow the
+   services to run.
+
 Now we have some new elements to deal with. The Ansible Template module
 uses Jinja2 based templating.  As we’re doing a simplified example here,
 the Jinja Template for the cloudstack.repo won’t have any variables in
diff --git a/source/installguide/hypervisor/kvm.rst b/source/installguide/hypervisor/kvm.rst
@@ -529,6 +529,10 @@ ensure the Agent has all the required permissions.
 
          $ setenforce permissive
 
+.. note:: In a production environment, selinux would be set to enforcing
+   and the necessary selinux policies would be created to allow the
+   services to run.
+
 #. Configure Apparmor (Ubuntu)
 
 
diff --git a/source/installguide/hypervisor/lxc.rst b/source/installguide/hypervisor/lxc.rst
@@ -319,6 +319,10 @@ ensure the Agent has all the required permissions.
 
          $ setenforce permissive
 
+.. note:: In a production environment, selinux would be set to enforcing
+   and the necessary selinux policies would be created to allow the
+   services to run.
+
 #. Configure Apparmor (Ubuntu)
 
    #. Check to see whether AppArmor is installed on your machine. If
diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst
@@ -166,6 +166,10 @@ MySQL. See :ref:`install-database-on-separate-node`.
 
          setenforce permissive
 
+.. note:: In a production environment, selinux would be set to enforcing
+   and the necessary selinux policies would be created to allow the
+   services to run.
+
 #. Set up the database.
 
    The cloudstack-setup-databases script is used for creating the cloudstack
diff --git a/source/quickinstallationguide/qig.rst b/source/quickinstallationguide/qig.rst
@@ -227,9 +227,10 @@ and ensure that it returns a FQDN response
 SELinux
 ^^^^^^^
 
-At the moment, for CloudStack to work properly SELinux must be set to 
-permissive or disabled. We want to both configure this for future boots and modify it in 
-the current running system.
+In an ideal environment, selinux would be set to enforcing and the necessary
+selinux policies would be created to allow the services to run. For this guide,
+we will set selinux to permissive mode. This will allow us to install and
+configure the services without having to worry about selinux policies.
 
 To configure SELinux to be permissive in the running system we need to run the 
 following command:
