https://review.openstack.org/500952 initially just did this. Then we assumed
every container should have the selinux sysfs.
This causes issues with the sshd container used for live-migration.
The advice from the selinux experts is that it should not be enabled within
containers, so reverting back to the original fix that enables it only in the
nova-libvirt container.
Closes-bug: 1729405
Change-Id: I80bf38d7d64ab99510574af5c57423fde9b84eca
(cherry picked from commit 7c8127cf96a281dd5cee96e1a68bc0508b9ba4e7)
# Syslog socket
- /dev/log:/dev/log
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
- - /sys/fs/selinux:/sys/fs/selinux
- if:
- internal_tls_enabled
- - list_join:
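Review bot: Removing `- /sys/fs/selinux:/sys/fs/selinux` from this shared list, directly after the `ssh_known_hosts` entry, leaves nothing in the file to show the omission is deliberate, so a later change could re-add it the same way the earlier follow-up did. Suggest a short comment at this spot stating that the SELinux sysfs is intentionally not mounted into every container and is added only where required (nova-libvirt). A release note would also help, since every container consuming this list loses the mount.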
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/vhost_sockets:/var/lib/vhost_sockets
+ - /sys/fs/selinux:/sys/fs/selinux
-
if:
- use_tls_for_live_migration
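Review bot: The added `- /sys/fs/selinux:/sys/fs/selinux` entry carries no mode suffix, so it is bind-mounted read-write, while the `/var/log/libvirt/qemu` entry a few lines above it is explicitly `:ro`. If libvirt only needs to read the SELinux filesystem, append `:ro`. If write access is required, add a comment on the line above saying so and why this container is the exception, so the mount is not copied into other services.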