tripleo-heat-templates

History

Cédric Jeanneret ae5fa916f7 Enable CAP_AUDIT_WRITE for some containers/steps Usually, db_sync involves call to "sudo". Such call are now logging a warning/error in the host log due to a recently removed capability in podman, the CAP_AUDIT_WRITE. This capability allows containers to write in the audit log whenever there's a security related thing. Sudo isn't the only one needing this access - sshd also writes in the audit. Since the nova-migration-target runs sshd, enabling the capability in there will ensure we're keeping clean track of the accesses. Change-Id: I8972b16254b141e7102ea87cb6c0d489d8426751 Closes-Bug: #1991219	2022-10-03 13:31:59 +02:00
..
placement-api-container-puppet.yaml	Enable CAP_AUDIT_WRITE for some containers/steps	2022-10-03 13:31:59 +02:00

Cédric Jeanneret ae5fa916f7 Enable CAP_AUDIT_WRITE for some containers/steps

Usually, db_sync involves call to "sudo". Such call are now logging a
warning/error in the host log due to a recently removed capability in
podman, the CAP_AUDIT_WRITE. This capability allows containers to write
in the audit log whenever there's a security related thing.

Sudo isn't the only one needing this access - sshd also writes in the
audit. Since the nova-migration-target runs sshd, enabling the
capability in there will ensure we're keeping clean track of the
accesses.

Change-Id: I8972b16254b141e7102ea87cb6c0d489d8426751
Closes-Bug: #1991219

2022-10-03 13:31:59 +02:00

placement-api-container-puppet.yaml

Enable CAP_AUDIT_WRITE for some containers/steps

2022-10-03 13:31:59 +02:00