Symptom

When you try to install the IGEL Cloud Gateway (ICG) on a system on which SELinux is active, you run into an error like:

    Error:
    stderr: Python 2.7.18
    Command 'systemctl --quiet enable icg-server' returned non-zero exit status 1

Problem

The ICG service cannot be started because it is not allowed to access the necessary system resources. The appropriate SELinux policy is missing.

For more information on SELinux, see https://www.redhat.com/en/topics/linux/what-is-selinux

Environment

  • ICG 2.04.100 and ICG 2.05.100 (tested; the solution should also work with higher versions)
  • Red Hat Enterprise Linux 8.5 with kernel 4.18.0-348.el8.x86_64 (tested; the solution might also work with other Linux systems)
  • The Prerequisites must be met
  • Python must be installed
  • Firewall Configuration: The port that will be used by the ICG for incoming connections must be open. By default, this is port 8443; for further information, see Network Ports Used.

Solution

In the following steps, we define an SELinux policy in a file and install it with a script.

Writing the SELinux Policy

  1. Log in to the machine that will host your ICG and go to a directory where your user is allowed to create files.

  2. Open the text editor of your choice, e.g. vi, and create a file named icg.te

    vi icg.te
  3. Enter the following content into the file and save it as icg.te (in vi, the file is saved with :wq):

    module icg 1.0;
    
    require {
            type init_t;
            type user_home_t;
            class file { execute execute_no_trans ioctl open read };
    }
    
    #============= init_t ==============
    allow init_t user_home_t:file { execute execute_no_trans ioctl open read };

Installing the SELinux Policy

  1. Create another file named icg.sh; this will be the install script.

    vi icg.sh
  2. Enter the following content into the file and save it as icg.sh:

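    #!/bin/bash
    # Stop at the first failing step so that a stale icg.pp is never installed
    set -e
    # Compile the policy source into a module, package it, and load it
    checkmodule -M -m -o icg.mod icg.te
    semodule_package -o icg.pp -m icg.mod
    semodule -i icg.pp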
  3. Run the install script.

    chmod +x icg.sh
    sudo ./icg.sh

    Now that the security policy is installed, you can install the ICG on your system.
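
The rule in icg.te allows init_t to execute and read files labelled user_home_t and nothing else. The following added example (not part of the IGEL procedure) parses SELinux AVC denial records and lists the denials that this rule does not cover. The sample records, the path /home/example and the function names are constructed for illustration.

```bash
#!/bin/bash
# Added example (not IGEL's code): report SELinux denials that the icg
# module from icg.te does NOT cover. The rule below is copied from icg.te.
ALLOW_SRC=init_t
ALLOW_TGT=user_home_t
ALLOW_CLASS=file
ALLOW_PERMS="execute execute_no_trans ioctl open read"

# Reads audit records on stdin; prints "source target class permission"
# for each denied permission that the icg rule does not allow.
uncovered_denials() {
    while IFS= read -r line; do
        # Skip everything that is not an AVC denial (SYSCALL records etc.)
        case "$line" in *"avc:"*denied*) ;; *) continue ;; esac
        perms=$(printf '%s\n' "$line" | sed -n 's/.*{ \(.*\) }.*/\1/p')
        src=$(printf '%s\n' "$line" | sed -n 's/.* scontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
        tgt=$(printf '%s\n' "$line" | sed -n 's/.* tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
        cls=$(printf '%s\n' "$line" | sed -n 's/.* tclass=\([^ ]*\).*/\1/p')
        for p in $perms; do
            if [ "$src" = "$ALLOW_SRC" ] && [ "$tgt" = "$ALLOW_TGT" ] &&
               [ "$cls" = "$ALLOW_CLASS" ]; then
                # Same source, target and class: covered if the permission is listed
                case " $ALLOW_PERMS " in *" $p "*) continue ;; esac
            fi
            printf '%s %s %s %s\n' "$src" "$tgt" "$cls" "$p"
        done
    done
}

# Constructed sample records (timestamps, inodes, names and paths are made up).
sample_avc_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { execute } for  pid=1 comm="(g-server)" name="icg-server" dev="dm-0" ino=1001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=no exit=-13
type=AVC msg=audit(1700000000.202:502): avc:  denied  { read open } for  pid=1 comm="(g-server)" path="/home/example/icg-server" dev="dm-0" ino=1001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.303:503): avc:  denied  { write } for  pid=1 comm="(g-server)" name="example.log" dev="dm-0" ino=1002 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.404:504): avc:  denied  { execute } for  pid=1 comm="(g-server)" name="icg-server" dev="dm-0" ino=1003 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
EOF
}

sample_avc_log | uncovered_denials
```

On the ICG host, pipe the output of `sudo ausearch -m AVC -ts recent` into `uncovered_denials` instead of the sample; any line it prints is a denial that the icg module will not resolve.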