Setting sebool container_manage_cgroup

Question

Setting sebool container_manage_cgroup

Opened this issue 6 years ago · 0 comments

vi roles/openshift_node/tasks/selinux_container_cgroup.yml

add when condition if selinux is disabled.

# Required in some selinux policy versions see
# https://bugzilla.redhat.com/show_bug.cgi?id=1587825
# https://bugzilla.redhat.com/show_bug.cgi?id=1549765
- name: Setting sebool container_manage_cgroup
  seboolean:
    name: container_manage_cgroup
    state: no
    persistent: yes
  when:
  - ansible_selinux
  - ansible_selinux.status == 'enabled'