Skip to content

Commit

Permalink
Adds SELinux custom module for the afterburn systemd units
Browse files Browse the repository at this point in the history
the afterburn systemd units fail as the SELinux domain of the afterburn binary is restricted from changing the content of files in /run, /run/metadata and /home/$user/.ssh. This commit adds a afterburn-custom.cil SELinux module to allow the afterburn services to succeed and the nodes to properly join a cluster. The module is loaded by the okd-selinux.service implemented by 336013f

Refers openshift#1555
  • Loading branch information
aleskandro committed Jul 19, 2024
1 parent 8b9e479 commit fd52060
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions overlay.d/50scos/usr/lib/okd/selinux/afterburn.cil
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
; https://issues.redhat.com/browse/RHEL-49735
(typeattributeset cil_gen_require afterburn_t)
(typepermissive afterburn_t)

0 comments on commit fd52060

Please sign in to comment.