Systemd needs to access container_file_t for side-cars

[cjeanner]

Neutron "side-cars" containers are now managed by Systemd instead of
in-container wrappers.
Basically, Systemd is instructed to check a certain location and take
action upon file creation|change|deletion. Since this "flag" is managed
from within neutron container(s), Systemd must be allowed to go in
there.

Related: https://bugs.launchpad.net/tripleo/+bug/1853652

[raukadah]

Let's try that :-)

[jpichon]

One small additional changes is required as the test file is currently a no-op:

https://github.com/redhat-openstack/openstack-selinux/blob/master/Makefile#L73-L74

Test files are installed in two steps at the moment to preserve the correct mode. Unfortunately only test files starting with bz are copied over so we'll want to add something for lp.

Looks like that could be fixed with 2 changes:

• ${INSTALL} -m 0644 tests/bz* tests/lp* ${LOCALDIR}/tests on the Makefile
• Changing TEST_FILES to also list lp* in tests/check_all (TEST_FILES=$(/bin/ls -1 bz* lp*))

Hope that makes sense. Thank you!

[cjeanner]

Change added as a new commit in order to be keep the "one change one commit" idea.

[jpichon]

Looks good to me!! Thanks