tripleo-heat-templates/releasenotes/notes/containers-selinux-context-...

17 lines
657 B
YAML

---
upgrade: &notes
- |
The configuration management related directories managed by the
tripleo deployment tools and bind-mounted as docker volumes now
using the `:z` flag, which is a docker's equivalent for
`chcon -Rt svirt_sandbox_file_t -l s0`. This makes those
directories available for all containers on the host, in the
shared mode: `/var/lib/tripleo-config`, `/var/lib/docker-puppet`,
`/var/lib/kolla/config`, `/etc/puppet`,
`/usr/share/openstack-puppet/modules/`, `/var/lib/config-data`.
security: *notes
fixes:
- |
Allow containerized services to be executed on hosts with SELinux
in the enforcing mode.