authorDusty Mabe <dusty@dustymabe.com>2016-11-28 19:41:19 -0500
committerDusty Mabe <dusty@dustymabe.com>2016-11-28 20:04:24 -0500
commit64a8eae55bf09c6b258563230329a8f205a7bc3d (patch)
tree5f5c1c41d2ffe9725d5f41b190d821bd50533e63 /roles/etcd/templates/etcd.docker.service
parent9953d2502119a9669241e7596e3a643cbbc271ed (diff)
fix selinux issues with etcd container
Make it so that we don't relabel /etc/etcd/ (via `:z`) on every run. Doing this causes systemd to fail accessing /etc/etcd/etcd.conf when trying to run the systemd unit file on the next run. Convert it from `:z` to `:ro` since we only need read-only access to the files. Fixes #2811
Diffstat (limited to 'roles/etcd/templates/etcd.docker.service')
-rw-r--r--roles/etcd/templates/etcd.docker.service2
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service
index cf957ede8..ae059b549 100644
--- a/roles/etcd/templates/etcd.docker.service
+++ b/roles/etcd/templates/etcd.docker.service
@@ -7,7 +7,7 @@ PartOf=docker.service
[Service]
EnvironmentFile=/etc/etcd/etcd.conf
ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }}
-ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
+ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:ro --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
ExecStop=/usr/bin/docker stop {{ etcd_service }}
SyslogIdentifier=etcd_container
Restart=always
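Review bot: The new `ExecStart` line still mounts the data directory as `-v /var/lib/etcd:/var/lib/etcd:z`, so that directory is relabelled on every start and carries the shared container label, which SELinux lets any other container on the host use. If this is the only container that needs the etcd data, the private form `-v /var/lib/etcd:/var/lib/etcd:Z` would confine it to this container. That is worth checking against any host-side tooling that reads the directory. Separately, `/etc/etcd:ro` no longer sets a label, so read access inside the container now depends on whatever label the host directory already has. Hosts that ran the old `:z` unit and freshly installed hosts may therefore behave differently. A comment above `ExecStart` would record this, for example `# /etc/etcd is mounted :ro without relabel; the container relies on the host's existing SELinux label`.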