Skip to main content
Skip table of contents

Troubleshooting Installation of IGEL Cloud Gateway (ICG) on a SELinux System Failed

Symptom

When you try to install the IGEL Cloud Gateway (ICG) on a system on which SELinux is active, you run into an error like:

BASH
Error:
stderr: Python 2.7.18
Command 'systemctl --quiet enable icg-server' returned non-zero exit status 1

Problem

The ICG service cannot be started because it is not allowed to access the necessary system resources. The appropriate SELinux policy is missing.

For more information on SELinux, see https://www.redhat.com/en/topics/linux/what-is-selinux

Environment

  • ICG 2.04.100 and ICG 2.05.100 (tested; the solution should also work with higher versions)

  • Red Hat Enterprise Linux 8.5 with kernel  4.18.0-348.el8.x86_64 (tested; the solution might also work with other Linux systems)

  • The Prerequisites must be met

  • Python must be installed 

  • Firewall Configuration: The port that will be used by the ICG for incoming connections must be open. By default, this is port 8443; for further information, see Network Ports Used.

Solution

We will define an SELinux policy in a file and install it with a script in the following.

Writing the SELinux Policy

  1. Login to the machine that will host your ICG and go to a directory where your user is allowed to create files.

  2. Open the text editor of your choice, e.g. vi, and create a file named icg.te

    BASH
    vi icg.te

  1. Enter the following content into the file and save it as icg.te (in vi, the file is saved with :wq):

    CODE
    module icg 1.0;
    
    require {
            type init_t;
            type user_home_t;
            class file { execute execute_no_trans ioctl open read };
    }
    
    #============= init_t ==============
    allow init_t user_home_t:file { execute execute_no_trans ioctl open read };

Installing the SELinux Policy

  1. Create another file named icg sh; this will be the install script.

    BASH
    vi icg.sh

  1. Enter the following content into the file and save it as icg.sh:

    CODE
     #!/bin/bash
     checkmodule -M -m -o icg.mod icg.te
     semodule_package -o icg.pp -m icg.mod
     semodule -i icg.pp 

  1. Run the install script.

    BASH
    chmod +x icg.sh
    sudo ./icg.sh

    Now that the security policy is installed, you can install the ICG on your system.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.