Status Future consideration
Workspace App Connect
Created by Guest
Created on Sep 21, 2015

Allow IBM MQ and associated Products to run on Red Hat SELinux in confined mode.

Currently IBM MQ V7.5.04 and V8.0.0.2 are supported on SELinux enabled systems but the Queue Manager and Applications must be configured to run in unconfined mode.

Idea priority Urgent
RFE ID 77259
RFE URL
RFE Product IBM App Connect Enterprise (formerly IBM Integration Bus)
  • Admin
    Ben Thompson
    Oct 3, 2021

    Idea / RFE Review. Apologies for the length of time this RFE has been held in Uncommitted Candidate / Future Consideration status. Since this suggestion was initially raised, the growing popularity of container-based architectures has meant that increasingly the ACE architecture and operational model has been amended to enable it to run in situations of lower privilege or at the very least more closely defined privilege. For example, the integration server process' ability to run standalone without the need for an integration node, and the product's ability to run independently from MQ have both helped. The ability to write to a console log file as an alternative to the syslog, the administrative security model applied using files as an alternative to MQ queues, and the fact that root access is also not needed are other examples. That said, ACE does still require some aspects of application freedom such as the ability to open a wide variety of ports/sockets to be used for several transports, and the use of the mqbrkrs group to control access to uds file for localized admin access and commands. Given these advances, it would still be potentially possible to formally embrace this requirement in future. With a solitary vote we have no immediate plans to prioritize this request from the business viewpoint, but would like to keep the idea open to allow users the opportunity to continue to register their interest. Status is maintained as Future Consideration.

  • Guest
    Jul 4, 2016

    Unfortunately RFEs are considered on a product by product basis and cannot be transferred between product groups.
    At the moment this RFE will be considered as an enhancement request against IIB, so if you wish to separately proposition the MQ team, could we please ask you to raise a separate RFE.
    As I suspect you are aware, the current IIB statement of support with regard to SELinux is as follows:

    SELinux Support
    If SELinux is enabled it must be configured as follows:
    1) The Red Hat Enterprise Linux targeted SELinux policy provided with the operating system must be used. The SELINUXTYPE=targeted option must be set in the SELinux configuration.
    2) All IBM Integration Bus applications and control commands must run in an unconfined SELinux security context (for example, SELinux user unconfined_u)
    3) Do not alter the operating system SELinux security policy to impose additional restrictions on unconfined applications.
    4) SELinux must not deny access to the /var/mqsi and program installation directories by IBM Integration Bus applications and control commands.
    5) Use of Multi-Level Security (MLS) with multiple sensitivity levels is not supported. All of the IBM Integration Bus applications and control commands on the system must run at the same SELinux sensitivity level.
    You can use SELinux in either enforcing or permissive mode provided these requirements are satisfied.

    Status of this RFE is updated to Uncommitted Candidate.
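
The support statement quoted in the comment above can be checked on a host. The script below is an added example, not part of the comment and not IBM tooling: it audits conditions 1, 2 and 5 against `/etc/selinux/config` content and `ps -eZ` output. The process-name list, the function names and the sample data are assumptions constructed for illustration; conditions 3 and 4 are not covered.

```shell
#!/bin/sh
# Added example: audit conditions 1, 2 and 5 of the SELinux support statement.
# Assumption: these process names identify the IIB runtime on your host.
IIB_PROCS='bipservice|bipbroker|biphttplistener|DataFlowEngine'

# Condition 1: print the SELINUXTYPE value from a config read on stdin.
# Real use: selinux_type < /etc/selinux/config   (expect "targeted")
selinux_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' | tail -n 1
}

# Conditions 2 and 5: read `ps -eZ` output on stdin, print one finding per line.
# Real use: ps -eZ | audit_contexts   (no output means no finding)
audit_contexts() {
    awk -v procs="^($IIB_PROCS)\$" -v want="unconfined_u" '
        $NF ~ procs {
            split($1, c, ":")                 # user:role:type:level[:categories]
            if (c[1] != want)                 # page example: SELinux user unconfined_u
                printf "NOT_UNCONFINED pid=%s cmd=%s context=%s\n", $2, $NF, $1
            m = split(c[4], s, "-")           # level may be a range such as s0-s0
            for (i = 1; i <= m; i++)
                if (!(s[i] in seen)) { seen[s[i]] = 1; levels++ }
        }
        END { if (levels > 1) print "MIXED_LEVELS count=" levels }
    '
}

# Constructed sample input (not captured from a real system).
sample_config() { cat <<'EOF'
# SELINUXTYPE= can take one of these values:
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}
sample_ps() { cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:02 systemd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2101 ? 00:00:01 bipservice
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2110 ? 00:00:09 bipbroker
system_u:system_r:initrc_t:s0    2150 ?        00:00:30 DataFlowEngine
EOF
}

echo "policy type: $(sample_config | selinux_type)"
sample_ps | audit_contexts
```

In the sample, the `DataFlowEngine` process is reported because it was not started under the `unconfined_u` user; all three IIB processes share sensitivity `s0`, so no mixed-level finding is printed.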

  • Guest
    Oct 7, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - WebSphere
    Product family - Integration
    Product - IBM Integration Bus (WebSphere Message Broker) - IIB

    For record keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Connectivity and Integration
    Product - IBM Integration Bus (WebSphere Message Broker) - IIB