From bb2cd2b29ee2a2512998cc84419d2d9d70f98155 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Thu, 6 Apr 2023 21:34:54 +0900 Subject: [PATCH] CentOS: Enable os_dnsmasq_dac_override ... to avoid the following denial we've seen in CI. avc: denied { dac_override } for pid= comm="dnsmasq" capability=1 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:system_r:dnsmasq_t:s0 tclass=capability permissive=1 Change-Id: Icebf83caca27f9079e538d45432c894dfd071aae --- manifests/neutron.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/neutron.pp b/manifests/neutron.pp index 625f2d343..3ba279c5e 100644 --- a/manifests/neutron.pp +++ b/manifests/neutron.pp @@ -62,6 +62,13 @@ class openstack_integration::neutron ( persistent => true, value => on, } + + if $driver == 'openvswitch' or $driver == 'linuxbridge' { + selboolean { 'os_dnsmasq_dac_override': + persistent => true, + value => on, + } + } } openstack_integration::mq_user { 'neutron':