From f664302c3deb539c0f59fa5b1eff48449acf6b85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?=
Date: Mon, 11 Oct 2021 15:41:35 +0200
Subject: [PATCH] Enable new SELinux boolean for vTPM support
In order to get a working vTPM support in containers, we need to enable a new SELinux boolean provided by openstack-selinux[1]. This patch affects only the deprecated nova-libvirt-container-puppet.yaml template in order to do a clean backport to stable/Wallaby and stable/Victoria.
[1] https://github.com/redhat-openstack/openstack-selinux/pull/80
Change-Id: I1d2368135f7b0a83dec2192c242c081e2f5127c1
Closes-Bug: #1902468
Resolves: rhbz#2007314
---
 .../deprecated/nova/nova-libvirt-container-puppet.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/deployment/deprecated/nova/nova-libvirt-container-puppet.yaml b/deployment/deprecated/nova/nova-libvirt-container-puppet.yaml
index 2e499a3e92..591e3a4661 100644
--- a/deployment/deprecated/nova/nova-libvirt-container-puppet.yaml
+++ b/deployment/deprecated/nova/nova-libvirt-container-puppet.yaml
@@ -910,6 +910,11 @@ outputs:
 dest: /etc/tmpfiles.d/run-libvirt.conf
 content: |
 d /run/libvirt 0755 root root - -
+ - name: Enable os_enable_vtpm SELinux boolean for vTPM
+ seboolean:
+ name: os_enable_vtpm
+ persistent: true
+ state: true
 metadata_settings:
 list_concat:
 - if:
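Review bot: The new `seboolean` task has no `when:` guard, so it runs on every host that applies this template. As far as I know, the seboolean module fails outright when SELinux is disabled on the host or when the named boolean is absent from the loaded policy, which would break deployment on nodes with SELinux off or with an openstack-selinux build that predates the referenced pull request. Consider adding `when: ansible_facts.selinux.status == "enabled"` (assuming facts are gathered at this step), and, since the boolean presumably relaxes policy and is set persistently, gating it on vTPM actually being in use if the template has a parameter for that. The enclosing task list starts and ends outside the hunk, so the deployment step this task belongs to is not visible here.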