From 76e284311a771740dcdc7b5a8d6c7f4fcfb0fff5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Mon, 27 Jul 2020 08:01:10 +0200 Subject: [PATCH] Remove redundant file management for /run/redis We can remove the systemd options since the directory is managed by tmpdir, and the mount has the needed "z" flag for relabelling. The RuntimeDirectory instructs systemd to create AND remove the directory - this might lead to an issue where init_t isn't allowed to unlink a container_file_t file/directory The ExecStartPre is running in init_t context, and might be denied to chcon file/directory to container_file_t. It should resolves rhbz#1860423 while making things cleaner and clearer. This is also the only place where we actually use the `systemd_exec_flags`. Change-Id: Ie938d9dd7d74db3907eb546765236b025bff1abe (cherry picked from commit 9b894ecb69d1a0875c89cc20cf4ecf7ffdd79a16) (cherry picked from commit c59f31ea4de23f173abb698dbc08be69b3f85385) --- deployment/database/redis-container-puppet.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deployment/database/redis-container-puppet.yaml b/deployment/database/redis-container-puppet.yaml index ba10ad44e9..b9bbb5f4c8 100644 --- a/deployment/database/redis-container-puppet.yaml +++ b/deployment/database/redis-container-puppet.yaml @@ -167,9 +167,6 @@ outputs: net: host privileged: false restart: always - systemd_exec_flags: - RuntimeDirectory: redis - ExecStartPre: /bin/chcon -t svirt_sandbox_file_t /var/run/redis healthcheck: test: /openstack/healthcheck volumes: