From 7ac642644115532eb23c7ca0786e7a1ea14379f1 Mon Sep 17 00:00:00 2001
From: Oliver Walsh <owalsh@redhat.com>
Date: Thu, 2 Apr 2020 11:28:30 +0100
Subject: [PATCH] Fix selinux denial on centos8/rhel8 when relabelling
 /var/lib/nova

Id5503ed274bd5dc0c5365cc994de7e5cdcbc2fb6 is failing with permission
denied on rhel8 due to a selinux denial.

Change-Id: If7a565cdb14282261125d4e32488bb9c5ebc504e
Related-bug: #1869020
(cherry picked from commit cb889805334a7cd7325b2a9a1efe2bd00bd48c31)
---
 deployment/nova/nova-compute-container-puppet.yaml | 1 +
 deployment/nova/nova-ironic-container-puppet.yaml  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/deployment/nova/nova-compute-container-puppet.yaml b/deployment/nova/nova-compute-container-puppet.yaml
index 7bba1dafab..fc0fd05e29 100644
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@@ -742,6 +742,7 @@ outputs:
             image: &nova_compute_image {get_param: ContainerNovaComputeImage}
             net: none
             user: root
+            security_opt: label=disable
             privileged: false
             detach: false
             volumes:
diff --git a/deployment/nova/nova-ironic-container-puppet.yaml b/deployment/nova/nova-ironic-container-puppet.yaml
index 1f334eaa49..8576815a00 100644
--- a/deployment/nova/nova-ironic-container-puppet.yaml
+++ b/deployment/nova/nova-ironic-container-puppet.yaml
@@ -150,6 +150,7 @@ outputs:
             image: &nova_ironic_image {get_param: ContainerNovaComputeIronicImage}
             net: none
             user: root
+            security_opt: label=disable
             privileged: false
             detach: false
             volumes: