Fixes patching container with RHEL8 that uses buildah

buildah together with SELinux requires moutned folders to be redeable. This can be achieved by setting svirt_sandbox_file_t label on the files generated by the patch-components role. Change-Id: I57721f697628759fecda7d4d4d10b24fd85a7499
rhos-infra · Jun 2, 2020 · 3898af1 · 3898af1
1 parent df36562
commit 3898af1
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/main.yml b/main.yml
@@ -73,6 +73,11 @@
         mode: push
       when: "'undercloud' not in groups['tester'][0]"
 
+    - name: SELinux - svirt_sandbox_file_t - allow containers to read mounted patched_rpms
+      shell: >
+        chcon -Rt svirt_sandbox_file_t /patched_rpms
+      when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8' | default(false)
+
 - name: Cleanup
   hosts: localhost
   tasks: