tripleo

  1. Bug #1819459
  2. Comment #3

Comment 3 for bug 1819459

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/643240
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=c55cf61c99a8ad5e743672d1ef56fa12dbdc5f17
Submitter: Zuul
Branch: master

commit c55cf61c99a8ad5e743672d1ef56fa12dbdc5f17
Author: Cédric Jeanneret <email address hidden>
Date: Thu Mar 14 08:45:14 2019 +0100

    Avoid "-a" cp option in order to avoid SELinux AVC

    Using "cp -a" in a container might lead to SELinux failures, since this option
    is a shortcut for "-dR --preserve=all". The "all" has the context, and we do
    not allow SELinux relabelling within containers.

    Splitting the "-a" to "-dR --preserve" will provide the same end results, but
    without the relabelling, preventing audit.log to fill up during the deploy.

    Closes-Bug: #1819459
    Change-Id: Ic280ad8e95fcc32986987f5abaa524f171d7c13b