Ensure we get the right SELinux context for config-data sub-dir

When docker was used, its "create host directory tree" feature was
used. It apparently created directories with "container_var_lib_t"
type, and this prevents podman containers from accessing the content,
with AVC errors (permission denied).

The following patch ensures we get a recursive chcon running.

We're using "command" instead of "file" module because ansible doesn't
like broken symlinks (in fact, they are symlinks with relative paths
within containers).

Change-Id: I20d00c79fc898b0c4e535662ee6a70472e075b36
Cédric Jeanneret 2019-01-03 15:33:36 +01:00
parent 697cefb95e
commit ee7fbe5963

@ -774,6 +774,10 @@ outputs:
loop_control:
loop_var: step
upgrade_steps_tasks: |
- name: ensure we get the right selinux context
command: chcon -R -t svirt_sandbox_file_t /var/lib/config-data
args:
warn: no
{%- for role in roles %}
- import_tasks: {{role.name}}/upgrade_tasks.yaml
when: tripleo_role_name == '{{role.name}}'
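
Review bot: the new chcon task at the top of upgrade_steps_tasks is unguarded. It has no `when:` and no existence check on /var/lib/config-data, so it fails the upgrade on a host where that directory is missing, and it repeats the recursive relabel every time this task list is run (the surrounding context suggests it is looped over `step`). Suggest adding `removes: /var/lib/config-data` under `args:` and restricting the task to a single step. Two smaller points on the same task: a label set with chcon is not recorded in the file-context policy, so a later restorecon or full relabel will put the old type back unless a matching `semanage fcontext` rule is added; and a `command` task always reports "changed", so `changed_when` would keep upgrade output meaningful. A short comment in the template explaining why `file` is not used (the broken relative symlinks mentioned in the commit message) would help the next reader.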