Instance create fails due to wrong default secontext with NFS

With NovaNfsEnabled instance create fails due to wrong default
secontext. The default in THT is set to nova_var_lib_t in
Ie4fe217bd119b638f42c682d21572547f02f17b2 while
system_u:object_r:nfs_t:s0 should have access. The virt_use_nfs
boolean, which is turned on by openstack-selinux, should cover
this use case.

This changes the default to context=system_u:object_r:nova_t:s0

Change-Id: I2a28462b6f6bc9f8a41a81ea8c65471f05df3b85
Closes-Bug: 1781894
Martin Schuppert 2018-07-16 12:05:06 +02:00
parent 58cb630f75
commit 37391bdd73
2 changed files with 14 additions and 1 deletions

@ -65,7 +65,7 @@ parameters:
description: NFS share to mount for nova storage (when NovaNfsEnabled is true)
type: string
NovaNfsOptions:
default: 'context=system_u:object_r:nova_var_lib_t:s0'
default: 'context=system_u:object_r:nfs_t:s0'
description: NFS mount options for nova storage (when NovaNfsEnabled is true)
type: string
CinderEnableRbdBackend:
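Review bot: the new NovaNfsOptions default, 'context=system_u:object_r:nfs_t:s0', disagrees with the commit message, whose last sentence says the default changes to context=system_u:object_r:nova_t:s0. Please correct the message to name nfs_t so the log matches the template. The description string "NFS mount options for nova storage (when NovaNfsEnabled is true)" also gives no hint why a context= option is the default; a short mention that the label needs to be one the virt_use_nfs boolean covers would help operators who override this parameter.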

@ -0,0 +1,13 @@
---
fixes:
- |
Instance create fails due to wrong default secontext with NFS
With NovaNfsEnabled instance create fails due to wrong default
secontext. The default in THT is set to nova_var_lib_t in
Ie4fe217bd119b638f42c682d21572547f02f17b2 while
system_u:object_r:nfs_t:s0 should have access. The virt_use_nfs
boolean, which is turned on by openstack-selinux, should cover
this use case.
This changes the default to context=system_u:object_r:nova_t:s0
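Review bot: the last line of this release note gives the new default as context=system_u:object_r:nova_t:s0, but the template hunk sets context=system_u:object_r:nfs_t:s0; the note should state nfs_t so operators reading the release notes see the value that is actually deployed. The first line inside the "- |" block reads like a title and runs straight into the body, so consider folding it into a sentence or separating it with a blank line. The bare Change-Id Ie4fe217bd119b638f42c682d21572547f02f17b2 is hard for a release-note reader to resolve; a brief description of that earlier change would be clearer.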