]> git.apps.os.sepia.ceph.com Git - ceph-ansible.git/commit
projects / ceph-ansible.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0340929) | patch
dashboard: run node_export as privileged container
authorGuillaume Abrioux <gabrioux@redhat.com>
Tue, 3 Dec 2019 13:39:53 +0000 (14:39 +0100)
committerGuillaume Abrioux <gabrioux@redhat.com>
Mon, 9 Dec 2019 16:27:51 +0000 (17:27 +0100)
commit6295a339128b5238a9426ef7b8d6e6d4216d6064
treee8f5bea05b03c61bf7e25ce74097bd27a90eaf56tree | snapshot
parent0340929ed3e6f51623c38827b63fb38678ca86e9commit | diff
dashboard: run node_export as privileged container

Typical error:

```
type=AVC msg=audit(1575367499.582:3210): avc:  denied  { search } for  pid=26680 comm="node_exporter" name="1" dev="proc" ino=11528 scontext=system_u:system_r:container_t:s0:c100,c1014 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0
```

node_exporter needs to be run as privileged to avoid avc denied error
since it gathers lot of information on the host.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1762168
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit d245eb7e7d9453af04e141ed0abd3fbdef1e563c)
roles/ceph-node-exporter/templates/node_exporter.service.j2 diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.