Skip to Main Content

This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM. - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Future consideration
Workspace App Connect
Created by Guest
Created on Sep 21, 2015

Allow IBM MQ and associated Products to run on Redhat SELinux in confined mode.

Currently IBM MQ V7.5.04 and V8.0.0.2 are supported on SELinux enabled systems but the Queue Manager and Applications must be configured to run in unconfined mode.

Idea priority Urgent
RFE ID 77259
RFE Product IBM App Connect Enterprise (formerly IBM Integration Bus)
  • Admin
    Ben Thompson
    Oct 3, 2021

    Idea / RFE Review. Apologies for the length of time this RFE has been held in Uncommitted Candidate / Future Consideration status. Since this suggestion was initially raised, the growing popularity of container based architectures has meant that increasingly the ACE architecture and operational model has been amended to enable it to run in situations of lower privilege or at very least more closely defined privilege. For example, the integration server process' ability to run standalone without the need for an integration node, and the product's ability to run independently from MQ have both helped. The ability to write to a console log file as an alternative to the syslog, the administrative security model applied using files as an alternative to MQ queues, and the fact that root access is also not needed are other examples. That said, ACE does still require some aspects of application freedom such as the ability to open a wide variety of ports/sockets to be used for several transports, and the use of mqbrkrs group to control access to uds file for localized admin access and commands. Given these advances, it would still be potentially possible to formally embrace this requirement in future. With a solitary vote we have no immediate plans to prioritize this request from the business viewpoint, but would like to keep the idea open to allow users the opportunity to continue to register their interest. Status is maintained as Future Consideration.

  • Guest
    Jul 4, 2016

    Unfortunately RFEs are considered on a product by product basis and cannot be transferred between product groups.
    At the moment this RFE will be considered as an enhancement request against IIB, so if you wish to separately proposition the MQ team, could we please ask you to raise a separate RFE.
    As I suspect you are aware, the current IIB statement of support with regard to SELinux is as follows:

    SELinux Support
    If SELinux is enabled it must be configured as follows:
    1) The Red Hat Enterprise Linux targeted SELinux policy provided with the operating system must be used. The SELINUXTYPE=targeted option must be set in the SELinux configuration.
    2) All IBM Integration Bus applications and control commands must run in an unconfined SELinux security context (for example, SELinux user unconfined_u)
    3) Do not alter the operating system SELinux security policy to impose additional restrictions on unconfined applications.
    4) SELinux must not deny access to the /var/mqsi and program installation directories by IBM Integration Bus applications and control commands.
    5) Use of Multi-Level Security (MLS) with multiple sensitivity levels is not supported. All of the IBM Integration Bus applications and control commands on the system must run at the same SELinux sensitivity level.
    You can use SELinux in either enforcing or permissive mode provided these requirements are satisfied.

    Status of this RFE is updated to Uncommitted Candidate.

  • Guest
    Oct 7, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - WebSphere
    Product family - Integration
    Product - IBM Integration Bus (WebSphere Message Broker) - IIB

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Connectivity and Integration
    Product - IBM Integration Bus (WebSphere Message Broker) - IIB