author | Oliver Walsh <owalsh@redhat.com> | 2017-10-28 00:06:46 +0100 |
---|---|---|
committer | Oliver Walsh <owalsh@redhat.com> | 2017-11-01 22:48:25 +0000 |
commit | b3277ed2ca4df1fb1bf23565a9104d6b047e1ac1 | |
tree | 276c405f59b8370c001f4efeb48fb3dee9869747 /docker/services/nova-libvirt.yaml | |
parent | 06f8f2eb1c60bcbb92989880866f43fb5422d865 | |
Only mount selinux sysfs in nova_libvirt container
https://review.openstack.org/500952 initially just did this. Then we assumed
every container should have the selinux sysfs.
This causes issues with the sshd container used for live-migration.
The advice from the selinux experts is that it should not be enabled within
containers, so reverting back to the original fix that enables it only in the
nova-libvirt container.
Closes-bug: 1729405
Change-Id: I80bf38d7d64ab99510574af5c57423fde9b84eca
(cherry picked from commit 7c8127cf96a281dd5cee96e1a68bc0508b9ba4e7)
Diffstat (limited to 'docker/services/nova-libvirt.yaml')
-rw-r--r-- | docker/services/nova-libvirt.yaml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index df168945..e585cb6c 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -206,6 +206,7 @@ outputs: - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova - /var/lib/vhost_sockets:/var/lib/vhost_sockets + - /sys/fs/selinux:/sys/fs/selinux - if: - use_tls_for_live_migration |
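Review bot: The added `- /sys/fs/selinux:/sys/fs/selinux` entry carries no mode suffix, so the selinux sysfs is bind-mounted read-write into the container, while the `/var/log/libvirt/qemu:/var/log/libvirt/qemu:ro` entry a few lines above it is explicitly read-only. If libvirt only needs to read from this path, append `:ro`; if it needs write access, state that in a YAML comment on the line. A short comment should also record that this mount is deliberately limited to nova_libvirt (bug 1729405). The commit message says the mount was previously given to every container and caused issues with the sshd container used for live-migration, and nothing in the template itself prevents it from being copied to other services again.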