From 32f4db83c638af33225f2f2a58e141e535a619da Mon Sep 17 00:00:00 2001 From: Mike Fedosin Date: Tue, 11 Dec 2018 12:55:45 +0100 Subject: [PATCH] Fix access to /var/lib/haproxy when SELinux is enabled Currently we don't use relabeling of the folder when SELinux is enabled. This leads to the fact that we can not update the configuration of haproxy during the update, because of missing permissions. This commit adds the relabeling for the folder, which allows the container with haproxy to write into it. Closes-Bug: #1807933 Change-Id: Ie79aed5f5665658ea09e000a4847062e9207e25c --- docker/services/haproxy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 429d5960bf..f6fe901538 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -220,7 +220,7 @@ outputs: # the necessary bit and prevent systemd to try to reload the service in the container - /usr/libexec/iptables:/usr/libexec/iptables:ro - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - - /var/lib/haproxy:/var/lib/haproxy:rw + - /var/lib/haproxy:/var/lib/haproxy:rw,z environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS haproxy: @@ -236,7 +236,7 @@ outputs: - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro - - /var/lib/haproxy:/var/lib/haproxy:rw + - /var/lib/haproxy:/var/lib/haproxy:rw,z - if: - public_tls_enabled - - list_join: