diff options
author | Oliver Walsh <owalsh@redhat.com> | 2017-09-05 19:19:17 +0100 |
---|---|---|
committer | Oliver Walsh <owalsh@redhat.com> | 2017-09-11 15:21:49 -0600 |
commit | 185071236718ca1bfbb46a857cef1a8e0a5c14c0 (patch) | |
tree | ca11ef2aa7b3033fbfb88b0fc0082b81e15d8259 /common/major_upgrade_steps.j2.yaml | |
parent | e73c84ad5685df4cdca70d9ad255635de2cf63f7 (diff) |
Enable selinux in containers
We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3.
It will fail if security_inode_copy_up is not found in the kernel symbols:
https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661
NB this has been reduced to a warning upstream:
https://github.com/moby/moby/commit/885b29df096db1d6746ece4b3a298a1ffe85716d
Instead this just bind mounts /sys/fs/selinux in containers-common.yaml.
Everything appears to work at initial glance. Pingtest succeeds, and
live-migration between baremetal and containerized computes works.
Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c
Closes-bug: #1715171
(cherry picked from commit 520f889a31f1ea6ee2bad86d1dbb3c0435604d10)
Diffstat (limited to 'common/major_upgrade_steps.j2.yaml')
0 files changed, 0 insertions, 0 deletions