Update nova's selinux policies

Nova needs permissions to /mnt/state/var/lib/nova and /mnt/state/var/log/nova. Change-Id: Ie1f23d5d11b725c77648b15ad0738f30ada36a83
2014-03-25 12:03:34 -07:00 · 2014-03-25 12:03:34 -07:00 · 188e33cd6c
commit 188e33cd6c
parent 78517e5a09
2 changed files with 12 additions and 0 deletions
--- a/elements/nova/os-refresh-config/configure.d/10-nova-state
+++ b/elements/nova/os-refresh-config/configure.d/10-nova-state
@ -1,3 +1,5 @@
 #!/bin/bash
 [ -d /mnt/state/var/lib/nova ] && exit 0
 install -D -d -o nova -g nova -m 0775 /mnt/state/var/lib/nova
+[ -d /mnt/state/var/log/nova ] && exit 0
+install -D -d -o nova -g nova -m 0775 /mnt/state/var/log/nova
--- a/elements/nova/os-refresh-config/configure.d/20-nova-selinux
+++ b/elements/nova/os-refresh-config/configure.d/20-nova-selinux
@ -0,0 +1,10 @@
+#!/bin/bash
+set -eu
+
+[ -x /usr/sbin/semanage ] || exit 0
+
+semanage fcontext -a -t nova_var_lib_t "/mnt/state/var/lib/nova(/.*)?"
+restorecon -Rv /mnt/state/var/lib/nova
+
+semanage fcontext -a -t nova_log_t "/mnt/state/var/log/nova(/.*)?"
+restorecon -Rv /mnt/state/var/log/nova