From 9a1effd90d149ac9df759c0b8ee3d36661acb9f5 Mon Sep 17 00:00:00 2001
From: Chandan Kumar <chkumar@redhat.com>
Date: Wed, 3 Oct 2018 16:04:41 +0530
Subject: [PATCH] Add tempest workspace volume for tempest

* It also set proper setype for tempest service directories
This will allow proper access from the containers without any new SELinux policy.

* /var/lib/tempest will be used for creating tempest workspace.

Change-Id: Iedd397784c8b8d1bb891272542bd242c0ea60340
---
 docker/services/tempest.yaml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/docker/services/tempest.yaml b/docker/services/tempest.yaml
index d0ece8b7df..3902a3ef44 100644
--- a/docker/services/tempest.yaml
+++ b/docker/services/tempest.yaml
@@ -52,16 +52,20 @@ outputs:
             privileged: false
             user: root
             volumes:
-              - /var/log/containers/tempest:/var/log/tempest
-            command: ['/bin/bash', '-c', 'chown -R tempest:tempest /var/log/tempest']
+              - /var/log/containers/tempest:/var/log/tempest:z
+              - /var/lib/tempestdata:/var/lib/tempest:z
+            command: ['/bin/bash', '-c', 'chown -R tempest:tempest /var/log/tempest /var/lib/tempest']
       host_prep_tasks:
         - name: create persistent logs directory
           file:
-            path: "{{ item }}"
+            path: "{{ item.path }}"
             state: directory
+            setype: "{{ item.setype }}"
           with_items:
-            - /var/log/containers/tempest
-            - /var/log/tempest
+            - { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t }
+            - { 'path': /var/log/tempest, 'setype': svirt_sandbox_file_t }
+            - { 'path': /var/lib/tempestdata, 'setype': svirt_sandbox_file_t }
+            - { 'path': /var/lib/tempest, 'setype': svirt_sandbox_file_t }
         - name: Tempest logs readme
           copy:
             dest: /var/log/tempest/readme.txt