3115589f21
When enforcing SELinux, the commit enables the following SELinux booleans: - os_haproxy_enable_nsfs: it allows haproxy to run in a network namespace. - os_haproxy_ping: it allows calls to the ping command from haproxy (for PING HMs) - cluster_use_execmem Change-Id: I4b5199d13d122b56619c4a2d21e86a06bd0dc3bf
20 lines
400 B
Bash
Executable File
20 lines
400 B
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
enable_selinux_bool () {
|
|
policy=$1
|
|
if semanage boolean -l | grep $policy; then
|
|
echo "Enabling $policy SELinux policy"
|
|
semanage boolean -N -m --on $policy
|
|
fi
|
|
}
|
|
|
|
enable_selinux_bool os_haproxy_enable_nsfs
|
|
enable_selinux_bool os_haproxy_ping
|
|
enable_selinux_bool cluster_use_execmem
|