Enable selinux in containers
We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3.
It will fail if security_inode_copy_up is not found in the kernel symbols:
https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661
NB this has been reduced to a warning upstream:
885b29df09
Instead this just bind mounts /sys/fs/selinux in containers-common.yaml.
Everything appears to work at initial glance. Pingtest succeeds, and
live-migration between baremetal and containerized computes works.
Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c
Depends-On: I521c5351ad6020911106464bf712cf92e6fb0fca
Closes-bug: #1715171
This commit is contained in:
parent
271a5c62a8
commit
520f889a31
|
@ -64,6 +64,7 @@ outputs:
|
|||
# Syslog socket
|
||||
- /dev/log:/dev/log
|
||||
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
- /sys/fs/selinux:/sys/fs/selinux
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- - list_join:
|
||||
|
|
Loading…
Reference in New Issue