Setting sebool container_manage_cgroup

debianmaster / openshift-examples

Openshift Examples - This repo does not provide end to end example but rather act as a rough draft for my work. use with caution. Buzzme at @twitter

https://twitter.com/debianmaster

280 stars 289 forks source link

Setting sebool container_manage_cgroup #74

Open debianmaster opened 5 years ago

debianmaster commented 5 years ago

vi roles/openshift_node/tasks/selinux_container_cgroup.yml

add when condition if selinux is disabled.

# Required in some selinux policy versions see
# https://bugzilla.redhat.com/show_bug.cgi?id=1587825
# https://bugzilla.redhat.com/show_bug.cgi?id=1549765
- name: Setting sebool container_manage_cgroup
  seboolean:
    name: container_manage_cgroup
    state: no
    persistent: yes
  when:
  - ansible_selinux
  - ansible_selinux.status == 'enabled'