openstack
/
tripleo-heat-templates
Code Issues Proposed changes
Browse Source

Instance create fails due to wrong default secontext with NFS 

With NovaNfsEnabled instance create fails due to wrong default
secontext. The default in THT is set to nova_var_lib_t in
Ie4fe217bd119b638f42c682d21572547f02f17b2 while
system_u:object_r:nfs_t:s0 should have access. The virt_use_nfs
boolean, which is turned on by openstack-selinux, should cover
this use case.

This changes the default to context=system_u:object_r:nfs_t:s0

Change-Id: I2a28462b6f6bc9f8a41a81ea8c65471f05df3b85
Closes-Bug: 1781894
changes/13/582913/3
Martin Schuppert 4 years ago
parent
58cb630f75
commit
5dd4018141
4 changed files with 16 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      environments/storage-environment.yaml
  2. 2
      environments/storage/nova-nfs.yaml
  3. 2
      puppet/services/nova-compute.yaml
  4. 13
      releasenotes/notes/nova_nfs_default_secontext-5ad33675aaf0b521.yaml

2
environments/storage-environment.yaml
Unescape View File

@ -59,7 +59,7 @@ parameter_defaults:
## e.g. "'[fdd0::1]:/export/nova'")
# NovaNfsShare: ''
## Mount options for the NFS instance file storage mount point
# NovaNfsOptions: 'context=system_u:object_r:nova_var_lib_t:s0'
# NovaNfsOptions: 'context=system_u:object_r:nfs_t:s0'
#### CEPH SETTINGS ####

2
environments/storage/nova-nfs.yaml
Unescape View File

@ -11,7 +11,7 @@
parameter_defaults:
# NFS mount options for nova storage (when NovaNfsEnabled is true)
# Type: string
NovaNfsOptions: context=system_u:object_r:nova_var_lib_t:s0
NovaNfsOptions: context=system_u:object_r:nfs_t:s0
# NFS share to mount for nova storage (when NovaNfsEnabled is true)
# Type: string

2
puppet/services/nova-compute.yaml
Unescape View File

@ -65,7 +65,7 @@ parameters:
description: NFS share to mount for nova storage (when NovaNfsEnabled is true)
type: string
NovaNfsOptions:
default: 'context=system_u:object_r:nova_var_lib_t:s0'
default: 'context=system_u:object_r:nfs_t:s0'
description: NFS mount options for nova storage (when NovaNfsEnabled is true)
type: string
CinderEnableRbdBackend:

13
releasenotes/notes/nova_nfs_default_secontext-5ad33675aaf0b521.yaml
Unescape View File

@ -0,0 +1,13 @@
---
fixes:
- |
Instance create fails due to wrong default secontext with NFS
With NovaNfsEnabled instance create fails due to wrong default
secontext. The default in THT is set to nova_var_lib_t in
Ie4fe217bd119b638f42c682d21572547f02f17b2 while
system_u:object_r:nfs_t:s0 should have access. The virt_use_nfs
boolean, which is turned on by openstack-selinux, should cover
this use case.
This changes the default to context=system_u:object_r:nfs_t:s0
Write Preview
Loading…
Cancel
Save