Fix selinux label issues

author Teoman ONAY <tonay@ibm.com>

Tue, 14 Mar 2023 11:26:56 +0000 (12:26 +0100)

committer Teoman ONAY <tonay@redhat.com>

Tue, 11 Jul 2023 09:35:19 +0000 (11:35 +0200)
author Teoman ONAY <tonay@ibm.com>
Tue, 14 Mar 2023 11:26:56 +0000 (12:26 +0100)
committer Teoman ONAY <tonay@redhat.com>
Tue, 11 Jul 2023 09:35:19 +0000 (11:35 +0200)
diff --git a/roles/ceph-crash/templates/ceph-crash.service.j2 b/roles/ceph-crash/templates/ceph-crash.service.j2

index 578675d1dbe068f7f41701b4b5d2c36e31fda3a7..8b54a722cddb780e31f5b32febf67cc543d385ce 100644 (file)
--- a/roles/ceph-crash/templates/ceph-crash.service.j2
+++ b/roles/ceph-crash/templates/ceph-crash.service.j2
@@ -19,6 +19,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-crash-%i \
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+--security-opt label=disable \
  --net=host \
  -v /var/lib/ceph:/var/lib/ceph:z \
  -v /etc/localtime:/etc/localtime:ro \
diff --git a/roles/ceph-mds/templates/ceph-mds.service.j2 b/roles/ceph-mds/templates/ceph-mds.service.j2

index 59338e8fa1e44192e5ea057608f48250f2633581..0924b0d2f9a004db74796e8ca1dc5d8f38ce8434 100644 (file)
--- a/roles/ceph-mds/templates/ceph-mds.service.j2
+++ b/roles/ceph-mds/templates/ceph-mds.service.j2
@@ -25,6 +25,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
    -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+  --security-opt label=disable \
    --memory={{ ceph_mds_docker_memory_limit }} \
    --cpus={{ cpu_limit }} \
    -v /var/lib/ceph:/var/lib/ceph:z \
diff --git a/roles/ceph-mgr/templates/ceph-mgr.service.j2 b/roles/ceph-mgr/templates/ceph-mgr.service.j2

index 338fbe7930dc9fa768df5340d2df6926601be866..16472334c7ef50e8343ebaebad6226543c995489 100644 (file)
--- a/roles/ceph-mgr/templates/ceph-mgr.service.j2
+++ b/roles/ceph-mgr/templates/ceph-mgr.service.j2
@@ -24,6 +24,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
    -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+  --security-opt label=disable \
    --memory={{ ceph_mgr_docker_memory_limit }} \
    --cpus={{ ceph_mgr_docker_cpu_limit }} \
    -v /var/lib/ceph:/var/lib/ceph:z,rshared \
diff --git a/roles/ceph-nfs/templates/ceph-nfs.service.j2 b/roles/ceph-nfs/templates/ceph-nfs.service.j2

index 82c0c1c8a662c25f4ac8c328d809d2af76b8157d..452b39e13eadd34c557a70e70047884e7595142e 100644 (file)
--- a/roles/ceph-nfs/templates/ceph-nfs.service.j2
+++ b/roles/ceph-nfs/templates/ceph-nfs.service.j2
@@ -23,12 +23,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
    -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
-<<<<<<< HEAD
-  -v /var/lib/ceph:/var/lib/ceph:z \
-=======
    --security-opt label=disable \
    -v /var/lib/ceph/bootstrap-rgw/:/var/lib/ceph/bootstrap-rgw:z \
->>>>>>> c1b541f69 (Fixes selinux relabeling issue for nfs container)
    -v /etc/ceph:/etc/ceph:z \
    -v /var/lib/nfs/ganesha:/var/lib/nfs/ganesha:z \
    -v /etc/ganesha:/etc/ganesha:z \
diff --git a/roles/ceph-osd/templates/ceph-osd.service.j2 b/roles/ceph-osd/templates/ceph-osd.service.j2

index c0bb78fd28d38870c49ce64fdaa3bafb6b4f39d6..3f8ab6d980f73f9a4d620db8ebdc405d07389038 100644 (file)
--- a/roles/ceph-osd/templates/ceph-osd.service.j2
+++ b/roles/ceph-osd/templates/ceph-osd.service.j2
@@ -30,6 +30,7 @@ numactl \
    -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
  {% endif %}
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
+  --security-opt label=disable \
    --rm \
    --net=host \
    --privileged=true \
diff --git a/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2 b/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2

index 22e6b49ec1aaed4c61c323c0ac1dcdcc83ef5a6a..79e4bf438c82720cf7942bddf6a95ff92792ef89 100644 (file)
--- a/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2
+++ b/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2
@@ -26,7 +26,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
    --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
    --memory={{ ceph_rbd_mirror_docker_memory_limit }} \
    --cpus={{ ceph_rbd_mirror_docker_cpu_limit }} \
-  -v /var/lib/ceph:/var/lib/ceph:z \
+  --security-opt label=disable \
+  -v /var/lib/ceph/bootstrap-rbd-mirror:/var/lib/ceph/bootstrap-rbd-mirror:Z \
    -v /etc/ceph:/etc/ceph:z \
    -v /var/run/ceph:/var/run/ceph:z \
    -v /etc/localtime:/etc/localtime:ro \
author	Teoman ONAY <tonay@ibm.com>
	Tue, 14 Mar 2023 11:26:56 +0000 (12:26 +0100)
committer	Teoman ONAY <tonay@redhat.com>
	Tue, 11 Jul 2023 09:35:19 +0000 (11:35 +0200)
roles/ceph-crash/templates/ceph-crash.service.j2		patch \| blob \| history
roles/ceph-mds/templates/ceph-mds.service.j2		patch \| blob \| history
roles/ceph-mgr/templates/ceph-mgr.service.j2		patch \| blob \| history
roles/ceph-nfs/templates/ceph-nfs.service.j2		patch \| blob \| history
roles/ceph-osd/templates/ceph-osd.service.j2		patch \| blob \| history
roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2		patch \| blob \| history