Commit a208fd7

Use /etc/redis/sentinel for sentinel configuration
It is not possible to use file labels, as redis-sentinel tries to create a temporary file in the same directory as sentinel.conf and, since /etc/redis does not have the redis_conf_t label, it is unable to create this temporary file.
1 parent 6a9dff5 commit a208fd7

3 files changed

+10
-8
lines changed

configs/redis-sentinel.service

Lines changed: 0 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -5,8 +5,6 @@ Documentation=http://redis.io/documentation
55

66
[Service]
77
Type=notify
8-
# Try to restore context for sentinel.conf* as sentinel needs to write into these files
9-
ExecStartPre=-/bin/sh -c "[ -x /sbin/restorecon ] && /sbin/restorecon '/etc/redis/sentinel.conf*'"
108
ExecStart=/usr/bin/redis-sentinel /etc/redis/sentinel.conf
119
TimeoutStopSec=0
1210
Restart=always
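
Review bot: ExecStart in the unchanged context of this hunk still points at /etc/redis/sentinel.conf, while the templates/nfpm.yaml.tpl change in this commit installs the file at /etc/redis/sentinel/sentinel.conf and this unit file shows 0 additions. Update the line to `ExecStart=/usr/bin/redis-sentinel /etc/redis/sentinel/sentinel.conf`; otherwise the service starts against a path the package no longer ships and the newly labeled directory is never used.
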
@@ -24,8 +22,6 @@ ReadOnlyDirectories=/
2422
ReadWriteDirectories=-/var/lib/redis
2523
ReadWriteDirectories=-/var/log/redis
2624
ReadWriteDirectories=-/run/sentinel
27-
# To run restorecon in ExecStartPre
28-
PermissionsStartOnly=yes
2925

3026
NoNewPrivileges=true
3127
CapabilityBoundingSet=CAP_SYS_RESOURCE
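
Review bot: with ReadOnlyDirectories=/ in effect, none of the ReadWriteDirectories entries visible in this hunk (/var/lib/redis, /var/log/redis, /run/sentinel) covers /etc/redis/sentinel, which is where sentinel now has to create its temporary file and rewrite sentinel.conf. Unless the directory is already listed above the visible context, add `ReadWriteDirectories=-/etc/redis/sentinel` alongside the existing entries. Dropping PermissionsStartOnly=yes together with the restorecon ExecStartPre is consistent, since no pre-start step remains that needs it.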

scripts/postinstall.sh

Lines changed: 3 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -10,10 +10,10 @@ if command -v checkmodule &> /dev/null && command -v semodule_package &> /dev/nu
1010
semodule -i /usr/share/selinux/packages/redis-ce.pp
1111
fi
1212

13-
# Allow writing to /etc/redis/sentinel.conf* for redis-sentinel
13+
# Allow writing to /etc/redis/sentinel/ for redis-sentinel
1414
if command -v semanage &> /dev/null; then
15-
semanage fcontext -a -t redis_conf_t '/etc/redis/sentinel.conf*'
16-
restorecon '/etc/redis/sentinel.conf*'
15+
semanage fcontext -a -t redis_conf_t '/etc/redis/sentinel'
16+
restorecon '/etc/redis/sentinel'
1717
fi
1818

1919
#
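
Review bot: the new fcontext pattern '/etc/redis/sentinel' matches only the directory itself, and restorecon is called without -R, so sentinel.conf inside the directory is neither covered by the rule nor relabeled by this script. Use a pattern such as '/etc/redis/sentinel(/.*)?' together with `restorecon -R /etc/redis/sentinel` so the directory, the config file and the temporary file all carry redis_conf_t. On upgraded hosts the earlier '/etc/redis/sentinel.conf*' rule also stays in the local policy, since the visible lines never delete it; consider removing it with `semanage fcontext -d`.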

templates/nfpm.yaml.tpl

Lines changed: 7 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -88,6 +88,12 @@ contents:
8888
mode: 0750
8989
owner: redis
9090
group: redis
91+
- dst: /etc/redis/sentinel
92+
type: dir
93+
file_info:
94+
mode: 0750
95+
owner: redis
96+
group: redis
9197
- src: ./configs/redis.conf
9298
dst: /etc/redis/redis.conf
9399
type: config|noreplace
@@ -96,7 +102,7 @@ contents:
96102
owner: redis
97103
group: redis
98104
- src: ./configs/sentinel.conf
99-
dst: /etc/redis/sentinel.conf
105+
dst: /etc/redis/sentinel/sentinel.conf
100106
type: config|noreplace
101107
file_info:
102108
mode: 0640
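
Review bot: changing dst to /etc/redis/sentinel/sentinel.conf with type config|noreplace means an upgraded host receives the packaged default at the new path while its existing /etc/redis/sentinel.conf stays behind at the old one, and nothing in the visible postinstall.sh hunk moves it. Because sentinel writes into this file, consider migrating the old file in postinstall when the new path still holds the packaged default, or documenting the manual move for upgrades.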
