Fix selinux context for glance-api
Remove the z flag from glance-api's service directory. The service
directory does not need to be shared with other containers, and
podman fails to apply setting with glance is using NFS (i.e.
/var/lib/glance/images is a mount point).
Also update the NFS mount options to use svirt_sandbox_file_t, which
is consistent with the parent service directory.
Closes-Bug: #1834857
Closes-Bug: #1844465
Change-Id: I7e135615fb53815ce14a3bcfec42b28f86d6dbae
(cherry picked from commit aa1f4bf621
)
This commit is contained in:
parent
6a0d99265b
commit
fb431ccebe
|
@ -111,7 +111,7 @@ parameters:
|
|||
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
|
||||
type: string
|
||||
GlanceNfsOptions:
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0'
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||
description: >
|
||||
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||
type: string
|
||||
|
@ -165,7 +165,7 @@ parameters:
|
|||
URI that specifies the staging location to use when importing images
|
||||
type: string
|
||||
GlanceStagingNfsOptions:
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0'
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||
description: >
|
||||
NFS mount options for NFS image import staging
|
||||
type: string
|
||||
|
@ -538,7 +538,7 @@ outputs:
|
|||
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
|
||||
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
|
||||
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
|
||||
- /var/lib/glance:/var/lib/glance:slave,z
|
||||
- /var/lib/glance:/var/lib/glance:slave
|
||||
-
|
||||
if:
|
||||
- cinder_backend_enabled
|
||||
|
|
|
@ -49,7 +49,7 @@ parameter_defaults:
|
|||
## e.g. "'[fdd0::1]:/export/glance'")
|
||||
# GlanceNfsShare: ''
|
||||
## Mount options for the NFS image storage mount point
|
||||
# GlanceNfsOptions: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
|
||||
# GlanceNfsOptions: 'intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||
|
||||
|
||||
#### NOVA NFS SETTINGS ####
|
||||
|
|
|
@ -19,7 +19,7 @@ parameter_defaults:
|
|||
|
||||
# NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||
# Type: string
|
||||
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0
|
||||
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
||||
|
||||
# NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
||||
# Type: string
|
||||
|
@ -31,7 +31,7 @@ parameter_defaults:
|
|||
|
||||
# NFS mount options for NFS image import staging
|
||||
# Type: string
|
||||
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0
|
||||
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
||||
|
||||
# NFS share to mount for image import staging
|
||||
# Type: string
|
||||
|
|
Loading…
Reference in New Issue