Fix access to /var/lib/haproxy when SELinux is enabled

Currently we don't use relabeling of the folder when SELinux is enabled. This leads to the fact that we can not update the configuration of haproxy during the update, because of missing permissions. This commit adds the relabeling for the folder, which allows the container with haproxy to write into it. Closes-Bug: #1807933 Change-Id: Ie79aed5f5665658ea09e000a4847062e9207e25c
2018-12-11 12:55:45 +01:00 · 2018-12-11 12:55:45 +01:00 · 32f4db83c6
parent a0cf19837b
commit 32f4db83c6
1 changed files with 2 additions and 2 deletions
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@ -220,7 +220,7 @@ outputs:
                    # the necessary bit and prevent systemd to try to reload the service in the container
                    - /usr/libexec/iptables:/usr/libexec/iptables:ro
                    - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
-                    - /var/lib/haproxy:/var/lib/haproxy:rw
+                    - /var/lib/haproxy:/var/lib/haproxy:rw,z
              environment:
                - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
            haproxy:
@ -236,7 +236,7 @@ outputs:
                  -
                    - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
                    - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
-                    - /var/lib/haproxy:/var/lib/haproxy:rw
+                    - /var/lib/haproxy:/var/lib/haproxy:rw,z
                  - if:
                    - public_tls_enabled
                    - - list_join: