diff options
author | Dusty Mabe <dusty@dustymabe.com> | 2016-11-28 19:41:19 -0500 |
---|---|---|
committer | Dusty Mabe <dusty@dustymabe.com> | 2016-11-28 20:04:24 -0500 |
commit | 64a8eae55bf09c6b258563230329a8f205a7bc3d (patch) | |
tree | 5f5c1c41d2ffe9725d5f41b190d821bd50533e63 | |
parent | 9953d2502119a9669241e7596e3a643cbbc271ed (diff) | |
download | openshift-64a8eae55bf09c6b258563230329a8f205a7bc3d.tar.gz openshift-64a8eae55bf09c6b258563230329a8f205a7bc3d.tar.bz2 openshift-64a8eae55bf09c6b258563230329a8f205a7bc3d.tar.xz openshift-64a8eae55bf09c6b258563230329a8f205a7bc3d.zip |
fix selinux issues with etcd container
Make it so that we don't relabel /etc/etcd/ (via `:z`) on every run.
Doing this causes systemd to fail accessing /etc/etcd/etcd.conf when
trying to run the systemd unit file on the next run. Convert it from
`:z` to `:ro` since we only need read-only access to the files.
Fixes #2811
-rw-r--r-- | roles/etcd/templates/etcd.docker.service | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index cf957ede8..ae059b549 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -7,7 +7,7 @@ PartOf=docker.service [Service] EnvironmentFile=/etc/etcd/etcd.conf ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} -ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:ro --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} ExecStop=/usr/bin/docker stop {{ etcd_service }} SyslogIdentifier=etcd_container Restart=always |