Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add :z to volume mount to fix the selinux context.
After merge of [1], In Downstream cockpit, triggering ruck_rover.py commands from inside telegraf_py3 container are failing with below error because of selinux issues. ~~~ [root@telegraf_py3 /]# ./usr/local/bin/ruck_rover.py --release osp16-2 --distro rhel-8 --component ui --influx . . OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt [root@telegraf_py3 pki]# ls ls: cannot open directory '.': Permission denied ~~~ We are not hitting above issue if we set selinux to permissive mode(setenforce 0) on host. As per[2], adding z to mount will automatically set the correct selinux context on host directory, docker will do this automatically "chcon -Rt svirt_sandbox_file_t /etc/pki". [1] https://review.rdoproject.org/r/c/rdo-infra/ci-config/+/39335 [2] https://web.archive.org/web/20190728100417/https://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/ Change-Id: Ib7a1dd246a7e23aa00b72e911beb87d3b096c137
- Loading branch information