author: Oliver Walsh <owalsh@redhat.com> 2017-10-28 00:06:46 +0100
committer: Oliver Walsh <owalsh@redhat.com> 2017-11-01 22:48:25 +0000
commit: b3277ed2ca4df1fb1bf23565a9104d6b047e1ac1
tree: 276c405f59b8370c001f4efeb48fb3dee9869747 /docker/services
parent: 06f8f2eb1c60bcbb92989880866f43fb5422d865
Only mount selinux sysfs in nova_libvirt container
https://review.openstack.org/500952 initially just did this. Then we assumed every container should have the selinux sysfs. This causes issues with the sshd container used for live-migration. The advice from the selinux experts is that it should not be enabled within containers, so reverting back to the original fix that enables it only in the nova-libvirt container.

Closes-bug: 1729405
Change-Id: I80bf38d7d64ab99510574af5c57423fde9b84eca
(cherry picked from commit 7c8127cf96a281dd5cee96e1a68bc0508b9ba4e7)
Diffstat (limited to 'docker/services')
-rw-r--r-- docker/services/containers-common.yaml 1
-rw-r--r-- docker/services/nova-libvirt.yaml 1
2 files changed, 1 insertions, 1 deletions
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index 9f982f8b..2c894da5 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -64,7 +64,6 @@ outputs:
# Syslog socket
- /dev/log:/dev/log
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
- - /sys/fs/selinux:/sys/fs/selinux
- if:
- internal_tls_enabled
- - list_join:
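Review bot: Dropping `- /sys/fs/selinux:/sys/fs/selinux` from the shared volume list changes every service that consumes containers-common.yaml, and nothing in this hunk records why the mount must stay out, so it is easy for someone to reintroduce it here later. Consider leaving a short comment next to the list, in the style of the existing `# Syslog socket` comment, stating that the selinux sysfs is deliberately not mounted in common and pointing to bug 1729405. It is also worth confirming that no service other than nova_libvirt and the live-migration sshd container depended on the mount while it was in the common list, since the commit message only discusses those two.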
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index df168945..e585cb6c 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -206,6 +206,7 @@ outputs:
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/vhost_sockets:/var/lib/vhost_sockets
+ - /sys/fs/selinux:/sys/fs/selinux
-
if:
- use_tls_for_live_migration
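Review bot: The added `- /sys/fs/selinux:/sys/fs/selinux` entry is mounted without a mode suffix, while the neighbouring `/var/log/libvirt/qemu:/var/log/libvirt/qemu:ro` entry is explicitly read-only. If libvirt needs write access to the host's selinux sysfs, say so in a comment above the line; if it does not, add `:ro`. Since this is now the only service that receives the mount, a one-line comment explaining why nova_libvirt is the exception would keep the bind from being copied into other service templates.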