Browse Source

Remove redundant file management for /run/redis

We can remove the systemd options since the directory is managed by
tmpdir, and the mount has the needed "z" flag for relabelling.

The RuntimeDirectory instructs systemd to create AND remove the
directory - this might lead to an issue where init_t isn't allowed to
unlink a container_file_t file/directory

The ExecStartPre is running in init_t context, and might be denied to
chcon file/directory to container_file_t.

It should resolves rhbz#1860423 while making things cleaner and clearer.
This is also the only place where we actually use the
`systemd_exec_flags`.

Change-Id: Ie938d9dd7d74db3907eb546765236b025bff1abe
(cherry picked from commit 9b894ecb69)
(cherry picked from commit c59f31ea4d)
changes/65/743965/1
Cédric Jeanneret 2 weeks ago
committed by Emilien Macchi
parent
commit
76e284311a
1 changed files with 0 additions and 3 deletions
  1. +0
    -3
      deployment/database/redis-container-puppet.yaml

+ 0
- 3
deployment/database/redis-container-puppet.yaml View File

@@ -167,9 +167,6 @@ outputs:
net: host
privileged: false
restart: always
systemd_exec_flags:
RuntimeDirectory: redis
ExecStartPre: /bin/chcon -t svirt_sandbox_file_t /var/run/redis
healthcheck:
test: /openstack/healthcheck
volumes:


Loading…
Cancel
Save