From f834c26d59e87b958928d287e3623b374e0fd94d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?=
Date: Mon, 11 Oct 2021 15:44:35 +0200
Subject: [PATCH] Enable new SELinux boolean for vTPM support
In order to get a working vTPM support in containers, we need to enable a new SELinux boolean provided by openstack-selinux[1]
This patch affects only nova-modular-libvirt-container-puppet.yaml for master and future releases.
[1] https://github.com/redhat-openstack/openstack-selinux/pull/80
Change-Id: I0db66dd124e3e02fd2fe3c729dc0fb3eeafec7a0
Closes-Bug: #1902468
Resolves: rhbz#2007314
---
 deployment/nova/nova-modular-libvirt-container-puppet.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/deployment/nova/nova-modular-libvirt-container-puppet.yaml b/deployment/nova/nova-modular-libvirt-container-puppet.yaml
index 56cd0a0ab3..747f5e3301 100644
--- a/deployment/nova/nova-modular-libvirt-container-puppet.yaml
+++ b/deployment/nova/nova-modular-libvirt-container-puppet.yaml
@@ -952,6 +952,11 @@ outputs:
 dest: /etc/tmpfiles.d/run-libvirt.conf
 content: |
 d /run/libvirt 0755 root root - -
+ - name: Enable os_enable_vtpm SELinux boolean for vTPM
+ seboolean:
+ name: os_enable_vtpm
+ persistent: true
+ state: true
 metadata_settings:
 list_concat:
 - if:
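Review bot: The added `seboolean` task has no condition, so it would presumably fail host preparation on a node where SELinux is disabled, or where the installed openstack-selinux does not yet ship `os_enable_vtpm`, which the commit message itself describes as new. A guard such as `when: ansible_facts.selinux.status == "enabled"` on the task would cover the first case, assuming facts are gathered at this point, which the hunk does not show; a minimum openstack-selinux version requirement would cover the second. The boolean is also set persistently on every host this template is applied to, whether or not any instance uses vTPM, so a short comment above the task stating what access `os_enable_vtpm` grants would help anyone auditing the host's SELinux posture. The enclosing task list starts and ends outside the hunk.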