Fix selinux label issues

author Teoman ONAY <tonay@ibm.com>

Tue, 14 Mar 2023 11:26:56 +0000 (12:26 +0100)

committer Guillaume Abrioux <gabrioux@ibm.com>

Wed, 15 Mar 2023 14:51:00 +0000 (15:51 +0100)
author Teoman ONAY <tonay@ibm.com>
Tue, 14 Mar 2023 11:26:56 +0000 (12:26 +0100)
committer Guillaume Abrioux <gabrioux@ibm.com>
Wed, 15 Mar 2023 14:51:00 +0000 (15:51 +0100)
diff --git a/roles/ceph-crash/templates/ceph-crash.service.j2 b/roles/ceph-crash/templates/ceph-crash.service.j2

index 1a7b0f012f204034f70412c4ac201096fac01dcc..1424eda83673d4ffe45f5a64d794e54afdd9b570 100644 (file)
--- a/roles/ceph-crash/templates/ceph-crash.service.j2
+++ b/roles/ceph-crash/templates/ceph-crash.service.j2
@@ -19,6 +19,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-crash-%i \
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+--security-opt label=disable \
  --net=host \
  {% if cluster != 'ceph' %}
  -e CEPH_ARGS="--cluster {{ cluster }}" \
diff --git a/roles/ceph-mds/templates/ceph-mds.service.j2 b/roles/ceph-mds/templates/ceph-mds.service.j2

index fc34cc48c3fb19958eb771a0bdace46b0f59aa72..183dbf87e394fcd734626f882c133878c3b737ab 100644 (file)
--- a/roles/ceph-mds/templates/ceph-mds.service.j2
+++ b/roles/ceph-mds/templates/ceph-mds.service.j2
@@ -25,6 +25,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
    -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+  --security-opt label=disable \
    --memory={{ ceph_mds_docker_memory_limit }} \
    --cpus={{ cpu_limit }} \
    -v /var/lib/ceph/mds:/var/lib/ceph/mds:z \
diff --git a/roles/ceph-mgr/templates/ceph-mgr.service.j2 b/roles/ceph-mgr/templates/ceph-mgr.service.j2

index 3ba9a11d6198626c465f1ad9cda74b4f18216042..aee87a6abbed753cdff5ae3cf4a96efac704ac7e 100644 (file)
--- a/roles/ceph-mgr/templates/ceph-mgr.service.j2
+++ b/roles/ceph-mgr/templates/ceph-mgr.service.j2
@@ -24,6 +24,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
    -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+  --security-opt label=disable \
    --memory={{ ceph_mgr_docker_memory_limit }} \
    --cpus={{ ceph_mgr_docker_cpu_limit }} \
    -v /var/lib/ceph/mgr:/var/lib/ceph/mgr:z,rshared \
diff --git a/roles/ceph-osd/templates/ceph-osd.service.j2 b/roles/ceph-osd/templates/ceph-osd.service.j2

index 9258305ab7c0b80c3158599bd3b35f2346b8a488..9ea33bc7748163f7050f7f5859682ec942a98778 100644 (file)
--- a/roles/ceph-osd/templates/ceph-osd.service.j2
+++ b/roles/ceph-osd/templates/ceph-osd.service.j2
@@ -30,6 +30,7 @@ numactl \
    -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+  --security-opt label=disable \
    --rm \
    --net=host \
    --privileged=true \
diff --git a/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2 b/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2

index 9a40cb4ac6f334e2f8d147b6cb1a648c49178378..79e4bf438c82720cf7942bddf6a95ff92792ef89 100644 (file)
--- a/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2
+++ b/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2
@@ -26,6 +26,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
    --memory={{ ceph_rbd_mirror_docker_memory_limit }} \
    --cpus={{ ceph_rbd_mirror_docker_cpu_limit }} \
+  --security-opt label=disable \
    -v /var/lib/ceph/bootstrap-rbd-mirror:/var/lib/ceph/bootstrap-rbd-mirror:Z \
    -v /etc/ceph:/etc/ceph:z \
    -v /var/run/ceph:/var/run/ceph:z \
author	Teoman ONAY <tonay@ibm.com>
	Tue, 14 Mar 2023 11:26:56 +0000 (12:26 +0100)
committer	Guillaume Abrioux <gabrioux@ibm.com>
	Wed, 15 Mar 2023 14:51:00 +0000 (15:51 +0100)
roles/ceph-crash/templates/ceph-crash.service.j2		patch \| blob \| history
roles/ceph-mds/templates/ceph-mds.service.j2		patch \| blob \| history
roles/ceph-mgr/templates/ceph-mgr.service.j2		patch \| blob \| history
roles/ceph-osd/templates/ceph-osd.service.j2		patch \| blob \| history
roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2		patch \| blob \| history