57c7149488
Until now, running a restorecon could break the SELinux labels. In order
to avoid such an issue, we can override the existing rules pushed in
/etc/selinux/targeted/contexts/ using fcontext. It makes the change
persistent across reboots.
Please note the following:
- sefcontext triggers a policy reload
- fcontext doesn't actually apply the labels
- creating the fcontext entry before creating the file allows to get the
file created with the right labels directly
- we have to ensure SELinux is enabled on the host before actually
creating the rules.
Change-Id: I6ce262a6e77a4d40b6ff246240d21390289cc54b
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| converge.yml | ||
| Dockerfile | ||
| molecule.yml | ||
| prepare.yml | ||