CentOS: Enable os_dnsmasq_dac_override

... to avoid the following denial we've seen in CI. avc: denied { dac_override } for pid=<pid> comm="dnsmasq" capability=1 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:system_r:dnsmasq_t:s0 tclass=capability permissive=1 Change-Id: Icebf83caca27f9079e538d45432c894dfd071aae
2023-04-06 21:34:54 +09:00
parent 47ea9d4991
commit bb2cd2b29e
1 changed files with 7 additions and 0 deletions
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@@ -62,6 +62,13 @@ class openstack_integration::neutron (
      persistent => true,
      value      => on,
    }
+
+    if $driver == 'openvswitch' or $driver == 'linuxbridge' {
+      selboolean { 'os_dnsmasq_dac_override':
+        persistent => true,
+        value      => on,
+      }
+    }
  }

  openstack_integration::mq_user { 'neutron':