From 0df7c6b7402ac370de410aecb91c064b3805e8c2 Mon Sep 17 00:00:00 2001
From: Tom Weininger
Date: Mon, 2 May 2022 15:20:40 +0200
Subject: [PATCH] Remove unneeded sudo in lvs-masquerade.sh

Fixes issue with SELinux and the lvs-masquerade.sh script on the amphora. The script already runs with root permissions, so the use of sudo inside the script is unneeded.

Change-Id: I63474acbcea5106ea702d21cb238aa57cef5d96d
(cherry picked from commit 72bdc0f88d2b9fa6fdf5ef879cb977d45ca0cc2e)
---
 .gitignore | 1 +
 .../amphora-agent/static/usr/local/bin/lvs-masquerade.sh | 4 ++--
 ...linux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml | 6 ++++++
 3 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/fix-selinux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml

diff --git a/.gitignore b/.gitignore
index 826aad1947..d83eb6f602 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,6 +33,7 @@ tempest.log
 *~
 .eggs/
 .ropeproject/
+*.qcow2
 # Files created by releasenotes build
 releasenotes/build
diff --git a/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh b/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
index 5ce2a8ba77..91a7e5bca9 100755
--- a/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
+++ b/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
@@ -30,7 +30,7 @@ fi
 if [ "$1" == "add" ]; then
- if [ -x "$(sudo bash -c 'command -v nft')" ]; then
+ if [ -x "$(command -v nft)" ]; then
 # Note: inet for nat requires a 5.2 or newer kernel.
 if [ "$2" == "ipv4" ]; then
 nft add table ip octavia-ipv4
@@ -77,7 +77,7 @@ if [ "$1" == "add" ]; then
 elif [ "$1" == "delete" ]; then
- if [ -x "$(sudo bash -c 'command -v nft')" ]; then
+ if [ -x "$(command -v nft)" ]; then
 if [ "$2" == "ipv4" ]; then
 nft flush chain ip octavia-ipv4 ip-udp-masq
 nft delete chain ip octavia-ipv4 ip-udp-masq
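Review bot: With the sudo wrapper gone, `command -v nft` in the add branch (and the identical test in the delete branch at -77/+77) resolves nft through whatever PATH the caller hands this root script, and the bare `nft …` calls that follow use the same lookup. Under sudo the lookup may have been constrained by sudoers' `secure_path`, if the amphora image configures it; that is not visible from this patch. Since the script runs as root, I would pin the search path once near the top of the script, e.g. `PATH=/usr/sbin:/usr/bin:/sbin:/bin`, or resolve the binary once into a variable and reuse it in both branches instead of repeating the test. Both `if` blocks start and end outside the hunks, so I cannot tell whether PATH is already set earlier in the file.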
diff --git a/releasenotes/notes/fix-selinux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml b/releasenotes/notes/fix-selinux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml
new file mode 100644
index 0000000000..4bcec13c8a
--- /dev/null
+++ b/releasenotes/notes/fix-selinux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Fixed issue with SELinux and the lvs-masquerade.sh script on the amphora.
+ The script already runs with root permissions, so the use of sudo inside the
+ script is unneeded.