Fix container_unit_file_t for rke2 unit file (#57)

Signed-off-by: galal-hussein <[email protected]>
rancher · Oct 30, 2023 · b5a602a · b5a602a
1 parent 4cd88c8
commit b5a602a
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 10 deletions.
diff --git a/policy/centos7/rke2-selinux.spec b/policy/centos7/rke2-selinux.spec
@@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove
 mkdir -p /var/lib/rancher/rke2/data; \
 mkdir -p /var/run/flannel; \
 mkdir -p /var/run/k3s; \
-restorecon -R -i /etc/systemd/system/rke2.service; \
-restorecon -R -i /usr/lib/systemd/system/rke2.service; \
+restorecon -R -i /etc/systemd/system/rke2*; \
+restorecon -R -i /usr/lib/systemd/system/rke2*; \
 restorecon -R /var/lib/cni; \
 restorecon -R /opt/cni; \
 restorecon -R /var/lib/kubelet; \

diff --git a/policy/centos7/rke2.fc b/policy/centos7/rke2.fc
@@ -3,6 +3,7 @@
 /etc/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /lib/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/local/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
+/usr/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/bin/rke2                                                       --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/bin/rke2                                                 --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /var/lib/cni(/.*)?                                                      gen_context(system_u:object_r:container_var_lib_t,s0)

diff --git a/policy/centos8/rke2-selinux.spec b/policy/centos8/rke2-selinux.spec
@@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove
 mkdir -p /var/lib/rancher/rke2/data; \
 mkdir -p /var/run/flannel; \
 mkdir -p /var/run/k3s; \
-restorecon -R -i /etc/systemd/system/rke2.service; \
-restorecon -R -i /usr/lib/systemd/system/rke2.service; \
+restorecon -R -i /etc/systemd/system/rke2*; \
+restorecon -R -i /usr/lib/systemd/system/rke2*; \
 restorecon -R /var/lib/cni; \
 restorecon -R /opt/cni; \
 restorecon -R /var/lib/kubelet; \

diff --git a/policy/centos8/rke2.fc b/policy/centos8/rke2.fc
@@ -7,6 +7,7 @@
 /etc/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /lib/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/local/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
+/usr/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/bin/rke2                                                       --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/bin/rke2                                                 --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 #/var/lib/cni(/.*)?                                                      gen_context(system_u:object_r:container_var_lib_t,s0)

diff --git a/policy/centos9/rke2-selinux.spec b/policy/centos9/rke2-selinux.spec
@@ -8,8 +8,9 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove
 mkdir -p /var/lib/rancher/rke2/data; \
 mkdir -p /var/run/flannel; \
 mkdir -p /var/run/k3s; \
-restorecon -R -i /etc/systemd/system/rke2.service; \
-restorecon -R -i /usr/lib/systemd/system/rke2.service; \
+restorecon -R -i /etc/systemd/system/rke2*; \
+restorecon -R -i /usr/local/lib/systemd/system/rke2*; \
+restorecon -R -i /usr/lib/systemd/system/rke2*; \
 restorecon -R /var/lib/cni; \
 restorecon -R /opt/cni; \
 restorecon -R /var/lib/kubelet; \

diff --git a/policy/centos9/rke2.fc b/policy/centos9/rke2.fc
@@ -7,6 +7,7 @@
 /etc/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /lib/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/local/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
+/usr/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/bin/rke2                                                       --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/bin/rke2                                                 --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 #/var/lib/cni(/.*)?                                                      gen_context(system_u:object_r:container_var_lib_t,s0)

diff --git a/policy/microos/rke2-selinux.spec b/policy/microos/rke2-selinux.spec
@@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove
 mkdir -p /var/lib/rancher/rke2/data; \
 mkdir -p /var/run/flannel; \
 mkdir -p /var/run/k3s; \
-restorecon -R -i /etc/systemd/system/rke2.service; \
-restorecon -R -i /usr/lib/systemd/system/rke2.service; \
+restorecon -R -i /etc/systemd/system/rke2*; \
+restorecon -R -i /usr/lib/systemd/system/rke2*; \
 restorecon -R /var/lib/cni; \
 restorecon -R /opt/cni; \
 restorecon -R /var/lib/kubelet; \

diff --git a/policy/microos/rke2.fc b/policy/microos/rke2.fc
@@ -7,6 +7,7 @@
 /etc/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /lib/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/local/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
+/usr/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/bin/rke2                                                       --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/bin/rke2                                                 --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 #/var/lib/cni(/.*)?                                                      gen_context(system_u:object_r:container_var_lib_t,s0)

diff --git a/policy/slemicro/rke2-selinux.spec b/policy/slemicro/rke2-selinux.spec
@@ -8,8 +8,8 @@ mkdir -p /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.ove
 mkdir -p /var/lib/rancher/rke2/data; \
 mkdir -p /var/run/flannel; \
 mkdir -p /var/run/k3s; \
-restorecon -R -i /etc/systemd/system/rke2.service; \
-restorecon -R -i /usr/lib/systemd/system/rke2.service; \
+restorecon -R -i /etc/systemd/system/rke2*; \
+restorecon -R -i /usr/lib/systemd/system/rke2*; \
 restorecon -R /var/lib/cni; \
 restorecon -R /opt/cni; \
 restorecon -R /var/lib/kubelet; \

diff --git a/policy/slemicro/rke2.fc b/policy/slemicro/rke2.fc
@@ -7,6 +7,7 @@
 /etc/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /lib/systemd/system/rke2.*                                          --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/local/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
+/usr/lib/systemd/system/rke2.*                                --  gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/bin/rke2                                                       --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/bin/rke2                                                 --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /opt/rke2/bin/rke2                                                  --  gen_context(system_u:object_r:container_runtime_exec_t,s0)