From 0444025aaf559a662882abc49465b5e31a66280d Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Fri, 1 Nov 2019 11:01:42 -0500
Subject: [PATCH] ceph-daemon: do not relabel system directories

These are shared system directories and should not be relabled for use by ceph containers. (Also, trying to relabel /dev prevents the container from starting, e.g. # /bin/podman run -it --net=host --privileged -v /dev:/dev:z --entrypoint bash centos Error: relabel failed "/dev": SELinux relabeling of /dev is not allowed )

Fixes: https://tracker.ceph.com/issues/42511
Signed-off-by: Sage Weil
---
 src/ceph-daemon | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/ceph-daemon b/src/ceph-daemon
index 71cd85f9547b7..523e2980cc680 100755
--- a/src/ceph-daemon
+++ b/src/ceph-daemon
@@ -378,12 +378,12 @@ def get_container_mounts(fsid, daemon_type, daemon_id):
 mounts[data_dir + '/config'] = '/etc/ceph/ceph.conf:z'
 if daemon_type in ['mon', 'osd']:
- mounts['/dev'] = '/dev:z' # FIXME: narrow this down?
- mounts['/run/udev'] = '/run/udev:z'
+ mounts['/dev'] = '/dev' # FIXME: narrow this down?
+ mounts['/run/udev'] = '/run/udev'
 if daemon_type == 'osd':
- mounts['/sys'] = '/sys:z' # for numa.cc, pick_address, cgroups, ...
- mounts['/run/lvm'] = '/run/lvm:z'
- mounts['/run/lock/lvm'] = '/run/lock/lvm:z'
+ mounts['/sys'] = '/sys' # for numa.cc, pick_address, cgroups, ...
+ mounts['/run/lvm'] = '/run/lvm'
+ mounts['/run/lock/lvm'] = '/run/lock/lvm'
 return mounts
--
2.39.5
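Review bot: The five system-directory mounts under `if daemon_type in ['mon', 'osd']:` and `if daemon_type == 'osd':` now differ from the `/etc/ceph/ceph.conf:z` line just above with nothing in the code saying why, so a later cleanup could easily put `:z` back. A short comment above the first `if` would pin the intent, e.g. `# shared host dirs: no :z/:Z -- relabeling would rewrite the host's SELinux labels, and podman rejects it for /dev`. Without a relabel, access to these paths on an enforcing host depends on the SELinux domain the container runs in (privileged or label-disabled, presumably); that is set outside this hunk, so it is worth confirming for any daemon that is started without `--privileged`. `get_container_mounts` begins before the hunk, so only its tail is reviewed here.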