Fix selinux context for glance-api
Remove the z flag from glance-api's service directory. The service
directory does not need to be shared with other containers, and
podman fails to apply setting with glance is using NFS (i.e.
/var/lib/glance/images is a mount point).
Also update the NFS mount options to use svirt_sandbox_file_t, which
is consistent with the parent service directory.
Closes-Bug: #1834857
Closes-Bug: #1844465
Change-Id: I7e135615fb53815ce14a3bcfec42b28f86d6dbae
(cherry picked from commit aa1f4bf621
)
This commit is contained in:
parent
6a0d99265b
commit
fb431ccebe
|
@ -111,7 +111,7 @@ parameters:
|
||||||
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
|
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
|
||||||
type: string
|
type: string
|
||||||
GlanceNfsOptions:
|
GlanceNfsOptions:
|
||||||
default: '_netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0'
|
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||||
description: >
|
description: >
|
||||||
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||||
type: string
|
type: string
|
||||||
|
@ -165,7 +165,7 @@ parameters:
|
||||||
URI that specifies the staging location to use when importing images
|
URI that specifies the staging location to use when importing images
|
||||||
type: string
|
type: string
|
||||||
GlanceStagingNfsOptions:
|
GlanceStagingNfsOptions:
|
||||||
default: '_netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0'
|
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||||
description: >
|
description: >
|
||||||
NFS mount options for NFS image import staging
|
NFS mount options for NFS image import staging
|
||||||
type: string
|
type: string
|
||||||
|
@ -538,7 +538,7 @@ outputs:
|
||||||
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
|
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
|
||||||
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
|
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
|
||||||
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
|
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
|
||||||
- /var/lib/glance:/var/lib/glance:slave,z
|
- /var/lib/glance:/var/lib/glance:slave
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- cinder_backend_enabled
|
- cinder_backend_enabled
|
||||||
|
|
|
@ -49,7 +49,7 @@ parameter_defaults:
|
||||||
## e.g. "'[fdd0::1]:/export/glance'")
|
## e.g. "'[fdd0::1]:/export/glance'")
|
||||||
# GlanceNfsShare: ''
|
# GlanceNfsShare: ''
|
||||||
## Mount options for the NFS image storage mount point
|
## Mount options for the NFS image storage mount point
|
||||||
# GlanceNfsOptions: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
|
# GlanceNfsOptions: 'intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||||
|
|
||||||
|
|
||||||
#### NOVA NFS SETTINGS ####
|
#### NOVA NFS SETTINGS ####
|
||||||
|
|
|
@ -19,7 +19,7 @@ parameter_defaults:
|
||||||
|
|
||||||
# NFS mount options for image storage (when GlanceNfsEnabled is true)
|
# NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||||
# Type: string
|
# Type: string
|
||||||
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0
|
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
||||||
|
|
||||||
# NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
# NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
||||||
# Type: string
|
# Type: string
|
||||||
|
@ -31,7 +31,7 @@ parameter_defaults:
|
||||||
|
|
||||||
# NFS mount options for NFS image import staging
|
# NFS mount options for NFS image import staging
|
||||||
# Type: string
|
# Type: string
|
||||||
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0
|
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
||||||
|
|
||||||
# NFS share to mount for image import staging
|
# NFS share to mount for image import staging
|
||||||
# Type: string
|
# Type: string
|
||||||
|
|
Loading…
Reference in New Issue