SELinux

Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system.

Redis-Server

If SELinux is enabled, it prevents Redis from starting. To run Redis properly, an SELinux exception must be set up. To do this, create the file redis-server.te with the required exceptions:

module redis-server 1.0;

require {
    type init_t;
    type redis_t;
    class process2 nnp_transition;
}

#============= init_t ==============
allow init_t redis_t:process2 nnp_transition;

Next, a policy module file and a policy package are created using the following commands:

checkmodule -M -m -o redis-server.mod redis-server.te
semodule_package -o redis-server.pp -m redis-server.mod

The policy package can then be activated with semodule -i redis-server.pp.
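The following added example (not part of the opsi documentation) shows how the rule in redis-server.te lines up with an SELinux denial record: it converts AVC records into allow rules and lists any that a given .te file does not contain. The audit line is a constructed sample, written on the assumption that the blocked Redis start is logged as an nnp_transition denial from init_t to redis_t; the function names avc_to_allow and missing_rules are hypothetical.

```shell
#!/bin/sh
# Added example: derive "allow" rules from SELinux AVC denial records and
# compare them with a .te file, so the module contains only what was denied.

# Constructed sample audit record (assumption, not taken from a real system).
SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { nnp_transition } for  pid=812 comm="(s-server)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:redis_t:s0 tclass=process2 permissive=0'

# Read audit lines on stdin, print one allow rule per distinct denial.
avc_to_allow() {
    awk '
    /avc:/ && /denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # The denied permissions sit between the braces.
        s = index($0, "{"); e = index($0, "}")
        if (s > 0 && e > s) {
            perms = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        # Skip records that are incomplete rather than guess a rule.
        if (src == "" || tgt == "" || cls == "" || perms == "") next
        if (perms ~ / /) perms = "{ " perms " }"
        rule = "allow " src " " tgt ":" cls " " perms ";"
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

# Read audit lines on stdin, print derived rules missing from the .te file.
missing_rules() {
    te_file=$1
    avc_to_allow | while IFS= read -r rule; do
        grep -qxF -- "$rule" "$te_file" || printf '%s\n' "$rule"
    done
}

# Demo: the constructed denial yields the rule used in redis-server.te.
printf '%s\n' "$SAMPLE_AVC" | avc_to_allow
```

On a real system the input would come from the audit log instead of SAMPLE_AVC, and an empty result from missing_rules means the .te file already covers every denial seen.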

opsi-linux-client-agent

Some distributions also use SELinux on the client side. For these, we have to install a specific SELinux configuration to enable regular operation. During the opsi-linux-client-agent installation, we search for the semodule command and, if it is present, install this SELinux configuration.