qa/cephadm/smb: set virt_sandbox_use_netlink selinux bool on ctdb tests

Try to use the virt_sandbox_use_netlink selinux boolean to avoid getting
selinux AVC errors in smb tests using ctdb. Some tests run ctdb with
public addresses and the scripts that ctdb uses to manage those IPs
calls ss which uses netlink which can cause selinux denials.
Attempt to work around that problem by using a selinux boolean
documented in `container_selinux(8)`.

Signed-off-by: John Mulligan <jmulligan@redhat.com>

diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
index 0d862b2c5f99342b98c87bc31e4af2587ee342b2..e05869d93e3ae365da5f73e0130b9d2acdefcad0 100644 (file)
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
@@ -24,6 +24,9 @@ overrides:
 tasks:
 - cephadm.configure_samba_client_container:
     role: host.d
+- pexec:
+    all:
+      - setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:

diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
index 3bbf30ea42714f592b40b4e490f8bbf7572d0105..45ed41e8212af7ded285c5004d731fc5aa0aafa2 100644 (file)
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
@@ -26,6 +26,9 @@ tasks:
     role: host.d
 - vip:
     count: 1
+- pexec:
+    all:
+      - setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:

diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
index b9b0ec0d6f17e9403906a2587a6e48da11a11db7..aab74b1692be352233460770727ab3486f6a1176 100644 (file)
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
@@ -24,6 +24,9 @@ overrides:
 tasks:
 - cephadm.configure_samba_client_container:
     role: host.d
+- pexec:
+    all:
+      - setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:

diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
index b74593058e2baaabc68613afec440baabce57437..20a10a7cbc04b12af0b7a7d9187c1d40e167fa87 100644 (file)
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
@@ -24,6 +24,9 @@ overrides:
 tasks:
 - cephadm.deploy_samba_ad_dc:
     role: host.d
+- pexec:
+    all:
+      - setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:

diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
index 0aa55a53a3d60710938362cf1b46989979ade643..4f3bcb0a7351ed8378c746052a45feb70b9515c7 100644 (file)
--- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
+++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
@@ -26,6 +26,9 @@ tasks:
     role: host.d
 - vip:
     count: 2
+- pexec:
+    all:
+      - setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell: