When you try to install the IGEL Cloud Gateway (ICG) on a system on which SELinux is active, you run into an error like:

stderr: Python 2.7.18
Command 'systemctl --quiet enable icg-server' returned non-zero exit status 1


The ICG service cannot be started because it is not allowed to access the necessary system resources. The appropriate SELinux policy is missing.

For more information on SELinux, see


  • ICG 2.04.100 and ICG 2.05.100 (tested; the solution should also work with higher versions)
  • Red Hat Enterprise Linux 8.5 with kernel  4.18.0-348.el8.x86_64 (tested; the solution might also work with other Linux systems)
  • The Prerequisites must be met
  • Python must be installed 
  • Firewall Configuration: The port that will be used by the ICG for incoming connections must be open. By default, this is port 8443; for further information, see Network Ports Used.


We will define an SELinux policy in a file and install it with a script in the following.

Writing the SELinux Policy

  1. Login to the machine that will host your ICG and go to a directory where your user is allowed to create files.

  2. Open the text editor of your choice, e.g. vi, and create a file named icg.te

    vi icg.te
  3. Enter the following content into the file and save it as icg.te (in vi, the file is saved with :wq):

    module icg 1.0;
    require {
            type init_t;
            type user_home_t;
            class file { execute execute_no_trans ioctl open read };
    #============= init_t ==============
    allow init_t user_home_t:file { execute execute_no_trans ioctl open read };

Installing the SELinux Policy

  1. Create another file named icg sh; this will be the install script.

  2. Enter the following content into the file and save it as

     checkmodule -M -m -o icg.mod icg.te
     semodule_package -o icg.pp -m icg.mod
     semodule -i icg.pp 
  3. Run the install script.

    chmod +x
    sudo ./

    Now that the security policy is installed, you can install the ICG on your system.