From 21f4c81832ef678ff2cb2dee66c1720919f0b721 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Wed, 2 Oct 2024 09:11:23 +0200
Subject: [PATCH] Fix SELinux context for local-path provisioner
---
 tasks/cluster_k3s.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/tasks/cluster_k3s.yml b/tasks/cluster_k3s.yml
index 928ec39..51e19ae 100644
--- a/tasks/cluster_k3s.yml
+++ b/tasks/cluster_k3s.yml
@@ -204,9 +204,19 @@
 - "/var/lib/rancher/k3s"
 - "/var/lib/rancher/k3s/server"
 - "/var/lib/rancher/k3s/server/manifests"
+ - "/var/lib/rancher/k3s/storage"
 when:
 - kubernetes_master|bool
 
+# semanage fcontext -a -t container_file_t "/var/lib/rancher/k3s/storage(/.*)?"
+ - name: Allow K3S local-path provisioner to create directories in /var/lib/rancher/k3s/storage
+ community.general.sefcontext:
+ target: '/var/lib/rancher/k3s/storage(/.*)?'
+ setype: container_file_t
+ state: present
+ - name: Apply new SELinux file context to filesystem
+ ansible.builtin.command: restorecon -R /var/lib/rancher/k3s/storage/
+
 - name: Deploy Network Policies
 ansible.builtin.template:
 src: "{{ item }}.j2"
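Review bot: The two added SELinux tasks carry no `when:` and the `restorecon` command is unconditional, so as written they appear to run on every host and on every play, while the directory they relabel is only created under `kubernetes_master|bool`. On a host where SELinux is disabled or its Python bindings are missing, `community.general.sefcontext` fails by default, `restorecon -R` errors on a path that does not exist, and the command task reports changed each run. I would add `register: k3s_storage_fcontext` and `when: ansible_facts.selinux.status == 'enabled'` to the sefcontext task, and `when: k3s_storage_fcontext is changed` to the restorecon task (or turn it into a handler). The task list continues outside the hunk, so an enclosing block-level condition may already cover part of this.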