From 98c8c0bf188efdc7fd74ada7f8250b22d94bc4b5 Mon Sep 17 00:00:00 2001
From: Bernard Cafarelli
Date: Mon, 11 Dec 2017 13:12:02 +0100
Subject: [PATCH] Force SELinux context for amphora keepalived process

Similar to Ic8bf097499b00ca32dcb501aadfda59755039194, this fixes keepalived running in ifconfig_t domain

Change-Id: I5da54f8867093ca69798d812c532fac004aab8f0
Story: 1646125
Task: 6086
---
 .../backends/agent/api_server/templates/keepalived.systemd.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/octavia/amphorae/backends/agent/api_server/templates/keepalived.systemd.j2 b/octavia/amphorae/backends/agent/api_server/templates/keepalived.systemd.j2
index 6868cf73be..79919ec3c7 100644
--- a/octavia/amphorae/backends/agent/api_server/templates/keepalived.systemd.j2
+++ b/octavia/amphorae/backends/agent/api_server/templates/keepalived.systemd.j2
@@ -4,6 +4,8 @@ After=network-online.target
 Wants=network-online.target
 
 [Service]
+# Force context as we start keepalived under "ip netns exec"
+SELinuxContext=system_u:system_r:keepalived_t:s0
 Type=forking
 KillMode=process
 ExecStart=/sbin/ip netns exec {{ amphora_nsname }} {{ keepalived_cmd }} -D -d -f {{ keepalived_cfg }} -p {{ keepalived_pid }}
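Review bot: `SELinuxContext=` applies to every process the unit launches, so on the `ExecStart=` line the `/sbin/ip netns exec` wrapper itself now runs as `keepalived_t`, and the added comment does not say what the policy must allow for that to work. It looks like `keepalived_t` would have to permit the namespace entry and mount work that `ip netns exec` performs, and systemd's transition into that type must be authorised by the policy; this should be confirmed on an enforcing image. Because the value has no `-` prefix, a context that cannot be applied stops the unit from starting, which is the safer outcome but worth stating. I would expand the comment to something like `# "ip" transitions to ifconfig_t and keepalived would inherit it; pin keepalived_t (start fails if the policy rejects it; check the audit log for AVC denials)`. The [Service] section continues past the end of the hunk, so any other Exec lines affected by the forced context are not visible here.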