Jump to content
Welcome to our new Citrix community!

It is possible to run NetScaler ADC BLX, when the host Linux SELinux is configured to be "enforcing" ?

Harihara Sudhan
Go to solution Solved by Amresh Gunjan,

Recommended Posts

  • Solution

To run BLX in RHEL 8 and above with SELinux enabled, we need to follow below steps as an workaround:-

1) Apply attached policy file "BLX_Policy.pp" using 'semodule -i BLX_Policy.pp'

                 This will add all the exceptions for BLX process in the SELinux.

2) Install BLX

3) Do all the required configurations in blx.conf and start BLX using 'systemctl start blx'. BLX should work with SELinux enabled.

Below are the steps to generate the SELinux policy exceptions for BLX:-

1) On a fresh RHEL 8 or above VM or machine, run 'setenforce 0' to set SELinux as 'Permissive' mode.

2) Install the BLX and start BLX. SELinux will allow BLX to run in 'Permissive' mode but it will capture all exceptions in audit.log

3) Run below command to capture all policy exceptions from audit.log and to create a policy file.

grep -E 'blx*|ns*' /var/log/audit/audit.log |audit2allow -a -M <policy_file_name>

4) If you just want to check the policy changes required or what are the policy changes done then run below command:-

grep -E 'blx*|ns*' /var/log/audit/audit.log |audit2allow -a

5) To implement the policy changes, run:-

semodule -i <policy_file_name>.pp

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...