So the rule of thumb I propose is "if a container bind-mounts /run
(/var/run), make it privileged to not mess with SELinux enforcing". I've
yet to found better alternatives to allow containers access the host
sockets.
Additionally, the patch allows developers of t-h-t docker/services to
not
Hi.
I've made some progress with containerized undercloud deployment guide
and SELinux enforcing ( the bug [0] and the topic [1] ).
Although I'm now completely stuck [2] with fixing t-h-t's
docker/services to nail the selinux thing fully, including the
containerized *overclouds* part. The main
Hello folks.
I need your feedback please on SELinux fixes [0] (or rather workarounds)
for containerized undercloud feature, which is experimental in Pike.
[TL;DR] The problem I'm trying to solve is primarily allowing TripleO
users to follow the guide [1] w/o telling them "please disable