Comment 2 for bug 1853844

OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/695903
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=af80a0d914d9663079ad30c7dcdf73e1060c33e7
Submitter: Zuul
Branch: master

commit af80a0d914d9663079ad30c7dcdf73e1060c33e7
Author: Cédric Jeanneret <email address hidden>
Date: Mon Nov 25 14:43:25 2019 +0100

    Drop the SELinux flags for openvswitch /var/run directory

    Enforcing re-labelling (:z) creates some issues when we are deploying
    with DPDK.
    A new SELinux policy has been added[1] in openstack-selinux, allowing
    container_t to actually write in openvswitch_file_t.

    The "shared" flag isn't of any use in this context, because we don't
    have any sub-mounts[2] in there.

    Also dropped a duplicate mount (/var/run == /run)

    This issue is related to the following BZ:
    https://bugzilla.redhat.com/show_bug.cgi?id=1772025
    https://bugzilla.redhat.com/show_bug.cgi?id=1776326

    [1] https://github.com/redhat-openstack/openstack-selinux/pull/46
    [2] https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation

    Change-Id: I216d7899c569419fdee7e30cc11af1d68d0f7fa3
    Closes-Bug: #1853844
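
The commit message above names three cleanups for container bind mounts: the SELinux relabel flag (`:z`), an unneeded `shared` propagation flag, and a duplicate mount caused by `/var/run` and `/run` being the same directory. The following check is an added example, not code from the commit or from tripleo-heat-templates; the `/run/openvswitch` prefix, the function names and the sample volume strings are assumptions constructed for illustration.

```python
import posixpath

RELABEL = {"z", "Z"}  # SELinux relabel options on a bind mount
PROPAGATION = {"shared", "rshared", "slave", "rslave", "private", "rprivate"}

def canon(path):
    """Normalize a path and fold /var/run onto /run (the same directory)."""
    p = posixpath.normpath(path)
    if p == "/var/run" or p.startswith("/var/run/"):
        p = p[len("/var"):]
    return p

def parse(spec):
    """Split 'src:dst[:opt,opt]' into (src, dst, set of options)."""
    parts = spec.split(":")
    if len(parts) not in (2, 3):
        raise ValueError(f"unsupported volume spec: {spec!r}")
    opts = set(parts[2].split(",")) if len(parts) == 3 and parts[2] else set()
    return canon(parts[0]), canon(parts[1]), opts

def audit(volumes, prefix="/run/openvswitch"):  # prefix is an assumed path
    """Return (finding, spec) pairs for mounts whose source is under prefix."""
    findings, seen = [], set()
    for spec in volumes:
        src, dst, opts = parse(spec)
        watched = src == prefix or src.startswith(prefix + "/")
        if watched and opts & RELABEL:
            findings.append(("relabel", spec))
        if watched and opts & PROPAGATION:
            findings.append(("propagation", spec))
        if (src, dst) in seen:
            findings.append(("duplicate", spec))  # same mount after folding
        seen.add((src, dst))
    return findings

# Constructed sample volume list, not taken from the real templates.
SAMPLE = [
    "/run/openvswitch:/run/openvswitch:shared,z",
    "/var/run/openvswitch:/var/run/openvswitch:shared,z",
    "/var/log/containers/example:/var/log/example:z",
    "/etc/hosts:/etc/hosts:ro",
]

if __name__ == "__main__":
    for kind, spec in audit(SAMPLE):
        print(f"{kind:12} {spec}")
```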