From cb889805334a7cd7325b2a9a1efe2bd00bd48c31 Mon Sep 17 00:00:00 2001
From: Oliver Walsh <owalsh@redhat.com>
Date: Thu, 2 Apr 2020 11:28:30 +0100
Subject: [PATCH] Fix selinux denial on centos8/rhel8 when relabelling
 /var/lib/nova

Id5503ed274bd5dc0c5365cc994de7e5cdcbc2fb6 is failing with permission
denied on rhel8 due to a selinux denial.

Change-Id: If7a565cdb14282261125d4e32488bb9c5ebc504e
Related-bug: #1869020
---
 deployment/nova/nova-compute-container-puppet.yaml | 1 +
 deployment/nova/nova-ironic-container-puppet.yaml  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/deployment/nova/nova-compute-container-puppet.yaml b/deployment/nova/nova-compute-container-puppet.yaml
index 6c1168ad7f..c4c959bc7d 100644
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@@ -771,6 +771,7 @@ outputs:
             image: &nova_compute_image {get_param: ContainerNovaComputeImage}
             net: none
             user: root
+            security_opt: label=disable
             privileged: false
             detach: false
             volumes:
diff --git a/deployment/nova/nova-ironic-container-puppet.yaml b/deployment/nova/nova-ironic-container-puppet.yaml
index c77743dc7c..dc8e6faa7f 100644
--- a/deployment/nova/nova-ironic-container-puppet.yaml
+++ b/deployment/nova/nova-ironic-container-puppet.yaml
@@ -150,6 +150,7 @@ outputs:
             image: &nova_ironic_image {get_param: ContainerNovaComputeIronicImage}
             net: none
             user: root
+            security_opt: label=disable
             privileged: false
             detach: false
             volumes: