Set the dnsmasq aa profile to complain
If a stock AppArmor (aa) profile exists for dnsmasq (SUSE, Ubuntu), the nspawn deployment will fail because the profile is strict. This change sets the profile to complain mode, which allows the deployment to succeed. The new tasks detect a stock dnsmasq aa profile and set it to complain mode if found. Change-Id: Ie565b683d2f06e47f7a46497ce3c38d604a0fed6 Signed-off-by: Kevin Carter <kevin@cloudnull.com>
parent
ef4aef4802
commit
2f76119d7a
|
@ -13,7 +13,18 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- block:
|
||||
- name: Check for aa-profile
|
||||
stat:
|
||||
path: /etc/apparmor.d/usr.sbin.dnsmasq
|
||||
register: aa_profile
|
||||
|
||||
- name: Set dnsmasq aa profile to complain
|
||||
command: "aa-complain /etc/apparmor.d/usr.sbin.dnsmasq"
|
||||
when:
|
||||
- aa_profile.stat.exists | bool
|
||||
|
||||
- name: Add proxies when needed
|
||||
block:
|
||||
- name: Create machined proxy override unit directories
|
||||
file:
|
||||
path: "/etc/systemd/system/{{ item }}"
|
||||
|
|
|
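Review bot: The `Set dnsmasq aa profile to complain` task turns off AppArmor enforcement for dnsmasq on the whole host whenever a file exists at /etc/apparmor.d/usr.sbin.dnsmasq, with no opt-out and no check that it is the stock profile the description refers to. In complain mode violations are only logged, so the host's dnsmasq loses its confinement for every use and not just for the nspawn networks; as far as I know `aa-complain` also rewrites the profile on disk, so the relaxation outlives the deployment. I would gate the task behind an operator-visible variable, e.g. add `- nspawn_dnsmasq_aa_complain | default(true) | bool` under `when:` (a suggested name, not an existing variable), and longer term add only the rules the deployment needs through a local profile override rather than relaxing the whole profile. The `command` task also reports "changed" on every run and will fail when the profile exists but `aa-complain` is not installed, so a `changed_when` on its output and a preceding check for the binary would help. The "Add proxies when needed" block at the end of the hunk continues outside it.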
@ -27,12 +27,16 @@ nspawn_network_utils:
|
|||
apt:
|
||||
iptables: /sbin/iptables
|
||||
ip: /sbin/ip
|
||||
ethtool: /sbin/ethtool
|
||||
yum:
|
||||
iptables: /usr/sbin/iptables
|
||||
ip: /usr/sbin/ip
|
||||
ethtool: /usr/sbin/ethtool
|
||||
zypper:
|
||||
iptables: /usr/sbin/iptables
|
||||
ip: /sbin/ip
|
||||
ethtool: /sbin/ethtool
|
||||
emerge:
|
||||
iptables: /usr/sbin/iptables
|
||||
ip: /bin/ip
|
||||
ethtool: /usr/sbin/ethtool
|
||||
|
|