Force SELinux context for amphora keepalived process

Similar to Ic8bf097499b00ca32dcb501aadfda59755039194, this fixes keepalived running in ifconfig_t domain Change-Id: I5da54f8867093ca69798d812c532fac004aab8f0 Story: 1646125 Task: 6086
2017-12-11 13:12:02 +01:00 · 2017-12-11 13:12:02 +01:00 · 98c8c0bf18
parent f7bc994819
commit 98c8c0bf18
1 changed files with 2 additions and 0 deletions
--- a/octavia/amphorae/backends/agent/api_server/templates/keepalived.systemd.j2
+++ b/octavia/amphorae/backends/agent/api_server/templates/keepalived.systemd.j2
@ -4,6 +4,8 @@ After=network-online.target
 Wants=network-online.target

 [Service]
+# Force context as we start keepalived under "ip netns exec"
+SELinuxContext=system_u:system_r:keepalived_t:s0
 Type=forking
 KillMode=process
 ExecStart=/sbin/ip netns exec {{ amphora_nsname }} {{ keepalived_cmd }} -D -d -f {{ keepalived_cfg }} -p {{ keepalived_pid }}