Only mount selinux sysfs in nova_libvirt container

https://review.openstack.org/500952 initially just did this. Then we assumed
every container should have the selinux sysfs.
This causes issues with the sshd container used for live-migration.

The advice from the selinux experts is that it should not be enabled within
containers, so reverting back to the original fix that enables it only in the
nova-libvirt container.

Closes-bug: 1729405
Change-Id: I80bf38d7d64ab99510574af5c57423fde9b84eca
(cherry picked from commit 7c8127cf96a281dd5cee96e1a68bc0508b9ba4e7)

2 files changed, 1 insertions, 1 deletions

diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index 9f982f8b..2c894da5 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -64,7 +64,6 @@ outputs:
           # Syslog socket
           - /dev/log:/dev/log
           - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
-          - /sys/fs/selinux:/sys/fs/selinux
         - if:
           - internal_tls_enabled
           - - list_join:
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index df168945..e585cb6c 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -206,6 +206,7 @@ outputs:
                   - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
                   - /var/log/containers/nova:/var/log/nova
                   - /var/lib/vhost_sockets:/var/lib/vhost_sockets
+                  - /sys/fs/selinux:/sys/fs/selinux
                 -
                   if:
                     - use_tls_for_live_migration