Skip to content

Commit

Permalink
Fixed dnsmasq SELinux config (#44)
Browse files Browse the repository at this point in the history
With the current configuration, dnsmasq-virt failed to start because dnsmasq config files didn't have `dnsmasq_etc_t` SELinux type. This commit fixes this.
  • Loading branch information
palonsoro authored Nov 28, 2024
1 parent 5c92b46 commit 55b412c
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions documentation/modules/ROOT/pages/lab-setup.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,9 @@ curl -sL https://raw.githubusercontent.com/RHsyseng/hypershift-baremetal-lab/{br
curl -sL https://raw.githubusercontent.com/RHsyseng/hypershift-baremetal-lab/{branch}/lab-materials/lab-env-data/dnsmasq/infrastructure-host.ipv4 -o /opt/dnsmasq/include.d/infrastructure-host.ipv4
curl -sL https://raw.githubusercontent.com/RHsyseng/hypershift-baremetal-lab/{branch}/lab-materials/lab-env-data/dnsmasq/dnsmasq-virt.service -o /etc/systemd/system/dnsmasq-virt.service
touch /opt/dnsmasq/hosts.leases
semanage fcontext -a -t dnsmasq_lease_t /opt/dnsmasq/hosts.leases
restorecon /opt/dnsmasq/hosts.leases
semanage fcontext -a -t dnsmasq_etc_t '/opt/dnsmasq(/.*)?' # semanage commands order is important
semanage fcontext -a -t dnsmasq_lease_t /opt/dnsmasq/hosts.leases # senabage commands order is important
restorecon -vr /opt/dnsmasq/
sed -i "s/UPSTREAM_DNS/1.1.1.1/" /opt/dnsmasq/upstream-resolv.conf
systemctl daemon-reload
systemctl enable dnsmasq-virt --now
Expand Down Expand Up @@ -263,4 +264,4 @@ Finally, remove the kubeadmin user:
[source,bash,subs="attributes+,+macros"]
-----
oc -n kube-system delete secret kubeadmin
-----
-----

0 comments on commit 55b412c

Please sign in to comment.