Instance create fails due to wrong default secontext with NFS
With NovaNfsEnabled instance create fails due to wrong default secontext. The default in THT is set to nova_var_lib_t in Ie4fe217bd119b638f42c682d21572547f02f17b2 while system_u:object_r:nfs_t:s0 should have access. The virt_use_nfs boolean, which is turned on by openstack-selinux, should cover this use case.

This changes the default to context=system_u:object_r:nfs_t:s0

Change-Id: I2a28462b6f6bc9f8a41a81ea8c65471f05df3b85
Closes-Bug: 1781894
parent 58cb630f75
commit 5dd4018141
|
@ -59,7 +59,7 @@ parameter_defaults:
|
||||||
## e.g. "'[fdd0::1]:/export/nova'")
|
## e.g. "'[fdd0::1]:/export/nova'")
|
||||||
# NovaNfsShare: ''
|
# NovaNfsShare: ''
|
||||||
## Mount options for the NFS instance file storage mount point
|
## Mount options for the NFS instance file storage mount point
|
||||||
# NovaNfsOptions: 'context=system_u:object_r:nova_var_lib_t:s0'
|
# NovaNfsOptions: 'context=system_u:object_r:nfs_t:s0'
|
||||||
|
|
||||||
|
|
||||||
#### CEPH SETTINGS ####
|
#### CEPH SETTINGS ####
|
||||||
|
|
|
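Review bot: The commented NovaNfsOptions example is a further copy of the literal that this commit also changes in two other files, and the comment above it ("## Mount options for the NFS instance file storage mount point") does not say that the value shown is the parameter default. Suggest stating in that comment that the example mirrors the default, so a later change to the default is less likely to leave this sample showing a stale SELinux type.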
@ -11,7 +11,7 @@
|
||||||
parameter_defaults:
|
parameter_defaults:
|
||||||
# NFS mount options for nova storage (when NovaNfsEnabled is true)
|
# NFS mount options for nova storage (when NovaNfsEnabled is true)
|
||||||
# Type: string
|
# Type: string
|
||||||
NovaNfsOptions: context=system_u:object_r:nova_var_lib_t:s0
|
NovaNfsOptions: context=system_u:object_r:nfs_t:s0
|
||||||
|
|
||||||
# NFS share to mount for nova storage (when NovaNfsEnabled is true)
|
# NFS share to mount for nova storage (when NovaNfsEnabled is true)
|
||||||
# Type: string
|
# Type: string
|
||||||
|
|
|
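Review bot: NovaNfsOptions is written as an unquoted scalar in this file, while the other two files touched by this commit single-quote the same value ('context=system_u:object_r:nfs_t:s0'). Suggest quoting it here as well so the three copies of the string are identical and can be found with one search when the context needs to change again.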
@ -65,7 +65,7 @@ parameters:
|
||||||
description: NFS share to mount for nova storage (when NovaNfsEnabled is true)
|
description: NFS share to mount for nova storage (when NovaNfsEnabled is true)
|
||||||
type: string
|
type: string
|
||||||
NovaNfsOptions:
|
NovaNfsOptions:
|
||||||
default: 'context=system_u:object_r:nova_var_lib_t:s0'
|
default: 'context=system_u:object_r:nfs_t:s0'
|
||||||
description: NFS mount options for nova storage (when NovaNfsEnabled is true)
|
description: NFS mount options for nova storage (when NovaNfsEnabled is true)
|
||||||
type: string
|
type: string
|
||||||
CinderEnableRbdBackend:
|
CinderEnableRbdBackend:
|
||||||
|
|
|
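Review bot: The description of NovaNfsOptions is left as "NFS mount options for nova storage (when NovaNfsEnabled is true)", so the template still does not tell the reader that the default sets an SELinux context, or that, per the commit message, access to nfs_t relies on the virt_use_nfs boolean turned on by openstack-selinux. Suggest extending the description to name that dependency, and to note that an operator who overrides the parameter to add other mount options replaces the default string and has to carry the context= option along.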
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Instance create fails due to wrong default secontext with NFS
|
||||||
|
|
||||||
|
With NovaNfsEnabled instance create fails due to wrong default
|
||||||
|
secontext. The default in THT is set to nova_var_lib_t in
|
||||||
|
Ie4fe217bd119b638f42c682d21572547f02f17b2 while
|
||||||
|
system_u:object_r:nfs_t:s0 should have access. The virt_use_nfs
|
||||||
|
boolean, which is turned on by openstack-selinux, should cover
|
||||||
|
this use case.
|
||||||
|
|
||||||
|
This changes the default to context=system_u:object_r:nfs_t:s0
|
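Review bot: The release note has only a fixes entry and gives no guidance for deployments that already set NovaNfsOptions explicitly. One of the sample environment files changed in this commit set context=system_u:object_r:nova_var_lib_t:s0 uncommented, so an operator who copied it keeps the old context after this change lands. Suggest adding an upgrade entry that tells operators to replace an explicit nova_var_lib_t context with the nfs_t one. The earlier change is also referenced only by its Change-Id, which is hard for an operator reading the note to act on; a short description of what that change did would help.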