From 6d4591723ba89dada9814118e2c14e08d4e4179a Mon Sep 17 00:00:00 2001
From: Adam King <adking@redhat.com>
Date: Thu, 24 Mar 2022 09:59:10 -0400
Subject: [PATCH] cephadm: pass "--security-opt label=disable" to node-exporter
 container

in order to support setting '--path.procfs=/host/proc','--path.sysfs=/host/sys',
'--path.rootfs=/rootfs' for node-exporter we need to disable selinux separation
between the node-exporter container and the host to avoid selinux denials

Signed-off-by: Adam King <adking@redhat.com>
---
 src/cephadm/cephadm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm
index 47afc1fb915e..d744dbad9c5f 100755
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -2807,6 +2807,11 @@ def get_container(ctx: CephadmContext,
             # by ubuntu 18.04 kernel!)
         ]
         container_args.extend(monitoring_args)
+        if daemon_type == 'node-exporter':
+            # in order to support setting '--path.procfs=/host/proc','--path.sysfs=/host/sys',
+            # '--path.rootfs=/rootfs' for node-exporter we need to disable selinux separation
+            # between the node-exporter container and the host to avoid selinux denials
+            container_args.extend(['--security-opt', 'label=disable'])
     elif daemon_type == 'crash':
         ceph_args = ['-n', name]
     elif daemon_type in Ceph.daemons:
-- 
2.47.3