]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 71ca625) | patch
cephadm: make /sys/fs/selinux empty
authorKen Dreyer <kdreyer@redhat.com>
Wed, 10 Feb 2021 15:08:51 +0000 (08:08 -0700)
committerJuan Miguel Olmo Martínez <jolmomar@redhat.com>
Tue, 23 Feb 2021 09:33:41 +0000 (10:33 +0100)
commit80c59e6f26a71f6ceaa6294bd745a6fba016ce77
tree5799ea91827e7173b6b2135b28169026427c9e15tree | snapshot
parent71ca6256249f5020aa372710c6a9eece4acc80f4commit | diff
cephadm: make /sys/fs/selinux empty

When the following conditions are true:

  1) A host has selinux-policy-targeted,
  2) We mount the host's /sys into a privileged container,
  3) The container has SELINUXTYPE=targeted in /etc/selinux/config,
  4) The container does not have an selinux-policy-targeted package,

then SELinux-enabled applications like restorecon or DNF do not work inside
the container.

Resolve this by making /sys/fs/selinux an empty directory.

Fixes: https://tracker.ceph.com/issues/49239
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
(cherry picked from commit f0f96445b2033ba52acc7bc1e99a777f93464d8b)
src/cephadm/cephadm diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.