Support SELinux
Signed-off-by: Yasumasa Suenaga <[email protected]>
YaSuenag committed Mar 9, 2024
1 parent b5ca7ab commit d17b0ac
Showing 2 changed files with 10 additions and 1 deletion.
3 changes: 2 additions & 1 deletion samples/casdk-demo/README.md
Expand Up @@ -38,7 +38,8 @@ See [nginx-rp.conf](nginx-rp.conf)

:::warning

[demo.sh](demo.sh) would create `/tmp/casdk-config.yaml` which may contain credentials (e.g. API token of backend service). This file would be removed by `./demo.sh stop`.
* [demo.sh](demo.sh) would create `/tmp/casdk-config.yaml` which may contain credentials (e.g. API token of backend service). This file would be removed by `./demo.sh stop`.
* [demo.sh](demo.sh) would change security context of [nginx-rp.conf](nginx-rp.conf) to `container_file_t` if SELinux is enabled. It would not recover in `./demo.sh stop`, so you need to recover manually via `restorecon` if need.

:::
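
Review bot: The second added bullet says the relabel happens "if SELinux is enabled", but demo.sh in this commit only runs `chcon` when `getenforce` prints `Enforcing`, so a Permissive host counts as enabled yet is not relabelled; "if SELinux is in Enforcing mode" would match the script. The bullet would also be easier to act on with the exact recovery command spelled out (for example `restorecon -v nginx-rp.conf`), and "if need" should read "if needed".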

8 changes: 8 additions & 0 deletions samples/casdk-demo/demo.sh
Expand Up @@ -23,6 +23,14 @@ start () {
echo " $KEY: $VALUE" >> $CONFIGMAP
done


# Change security context of nginx-rp.conf because it would be mounted by
# NGINX container in demo.yaml.
SELINUX_MODE=`getenforce 2>/dev/null`
if [ "$SELINUX_MODE" = 'Enforcing' ]; then
chcon -t container_file_t $BASEDIR/nginx-rp.conf
fi

# Start Podman
# Move to BASEDIR because demo.yaml should refer nginx-rp.conf in that dir.
pushd $BASEDIR > /dev/null 2>&1
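
Review bot: In the added SELinux block, `chcon -t container_file_t $BASEDIR/nginx-rp.conf` leaves `$BASEDIR` unquoted and its exit status unchecked, so a checkout path containing spaces or a failed relabel goes unnoticed and the script carries on to start Podman. Quote the path as `"$BASEDIR/nginx-rp.conf"` and warn or exit when `chcon` fails. Since the README change states that `./demo.sh stop` does not restore the label, consider running `restorecon` on the file in the stop path so the demo does not leave `container_file_t` on a repository file; `$(getenforce 2>/dev/null)` is also preferable to backticks.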
