add some info regarding how to configure selinux

_toc.yml

@@ -66,6 +66,7 @@ chapters:
           - file: admin-guide/configuration/ssh_host_hopping
           - file: admin-guide/configuration/citrix_vda
           - file: admin-guide/configuration/configuration_email
+          - file: admin-guide/configuration/selinux_configuration
       - file: admin-guide/container/index
         sections:
           - file: admin-guide/container/docker

admin-guide/configuration/selinux_configuration.md

@@ -0,0 +1,59 @@
+# SELinux Configuration
+
+Enable troubleshoot tools
+```yml
+base::enable_auditd: true
+selinux::setroubleshootd: true
+```
+
+Enable or disable selinux on a machine (default depends on the RHEL version)
+```yml
+base::selinux_mode: 'disabled'
+```
+
+Options:
+* `permissive`
+* `enforcing`
+
+
+Use nfs home directory:
+```yaml
+selinux::use_nfs_home_dirs: true
+```
+
+Set selinux booleans
+```yml
+selinux::booleans: [ 'httpd_can_network_connect', 'domain_can_mmap_files']
+```
+
+
+Set fcontext for specific directories/directory
+```yml
+selinux::fcontext:
+  logbook-data:
+    pathspec: '/var/www/html/logbook-data(/.*)?'
+    seltype: 'httpd_sys_rw_content_t'
+  logbook-data-local:
+    pathspec: '/var/www/html/logbook-data-local(/.*)?'
+    seltype: 'httpd_sys_rw_content_t'
+```
+(you can choose any unique key name)
+
+
+Explicitly specify a selinux module:
+```yml
+selinux::modules::te:
+  # SELinux is preventing /usr/local/bin/musrview from setattr access on the directory /usr/lib/fontconfig/cache
+  'musrview-font-cache': |
+    module musrview-font-cache 1.0;
+    require {
+        type lib_t;
+        type httpd_sys_script_t;
+        class dir setattr;
+    }
+    allow httpd_sys_script_t lib_t:dir setattr;
+
+```
+
+
+For troubleshooting SELinux related problems please have a look at [SELinux Troublehooting Guide](../troubleshooting/selinux.md)`