From c59f31ea4de23f173abb698dbc08be69b3f85385 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= <cjeanner@redhat.com>
Date: Mon, 27 Jul 2020 08:01:10 +0200
Subject: [PATCH] Remove redundant file management for /run/redis

We can remove the systemd options since the directory is managed by
tmpdir, and the mount has the needed "z" flag for relabelling.

The RuntimeDirectory instructs systemd to create AND remove the
directory - this might lead to an issue where init_t isn't allowed to
unlink a container_file_t file/directory

The ExecStartPre is running in init_t context, and might be denied to
chcon file/directory to container_file_t.

It should resolves rhbz#1860423 while making things cleaner and clearer.
This is also the only place where we actually use the
`systemd_exec_flags`.

Change-Id: Ie938d9dd7d74db3907eb546765236b025bff1abe
(cherry picked from commit 9b894ecb69d1a0875c89cc20cf4ecf7ffdd79a16)
---
 deployment/database/redis-container-puppet.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/deployment/database/redis-container-puppet.yaml b/deployment/database/redis-container-puppet.yaml
index 6918ae6389..defa885964 100644
--- a/deployment/database/redis-container-puppet.yaml
+++ b/deployment/database/redis-container-puppet.yaml
@@ -167,9 +167,6 @@ outputs:
                 net: host
                 privileged: false
                 restart: always
-                systemd_exec_flags:
-                  RuntimeDirectory: redis
-                  ExecStartPre: /bin/chcon -t container_file_t /var/run/redis
                 healthcheck:
                   test: /openstack/healthcheck
                 volumes: