From 5f19288d610c80c6ac79b7ebdae6a5315739a57b Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 27 Feb 2023 03:41:40 +0100
Subject: [PATCH] fix(system-upgrades): Fix path confusion for selinux module

Since the secrets path is only available inside the container, but the
systemd-run command is executed outside the container, it can't access
the secret path, therefore the file needs to be copied.
---
 clusters/k8s01/system-upgrades/iscsid_hotfix.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clusters/k8s01/system-upgrades/iscsid_hotfix.yaml b/clusters/k8s01/system-upgrades/iscsid_hotfix.yaml
index ba05e9434..ea4f6a780 100644
--- a/clusters/k8s01/system-upgrades/iscsid_hotfix.yaml
+++ b/clusters/k8s01/system-upgrades/iscsid_hotfix.yaml
@@ -24,8 +24,9 @@ stringData:
     secrets="$(dirname $0)"
     semodule_dir="$(mktemp -d)"
 
+    cp "${secrets}/iscsid_hotfix.te" "${semodule_dir}/iscsid_hotfix.te"
     systemd-run --same-dir --wait --collect --service-type=exec dnf install -y selinux-policy-devel
-    systemd-run --same-dir --wait --collect --service-type=exec checkmodule -M -m -o "${semodule_dir}/iscsid_hotfix.mod" "$secrets/iscsid_hotfix.te"
+    systemd-run --same-dir --wait --collect --service-type=exec checkmodule -M -m -o "${semodule_dir}/iscsid_hotfix.mod" "${semodule_dir}/iscsid_hotfix.te"
     systemd-run --same-dir --wait --collect --service-type=exec semodule_package -o "${semodule_dir}/iscsid_hotfix.pp" "${semodule_dir}/iscsid_hotfix.mod"
     systemd-run --same-dir --wait --collect --service-type=exec semodule -i "${semodule_dir}/iscsid_hotfix.pp"
 
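Review bot: The added `cp` before the first `systemd-run` has no visible failure check, so if the copy fails the script may still go on to install `selinux-policy-devel` and run `checkmodule` as host-side units against a file that is not there. Whether `set -e` is active is decided above the hunk, which starts mid-script; if it is not, `cp "${secrets}/iscsid_hotfix.te" "${semodule_dir}/iscsid_hotfix.te" || exit 1` makes the failure explicit before anything touches the host policy. The fix also assumes the `mktemp -d` directory is visible to the host units at the same path, which the hunk does not show and is worth a comment. The directory now holds the policy source as well as the build outputs and is never removed, so a `trap 'rm -rf "${semodule_dir}"' EXIT` after the `mktemp` line would clean it up.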
-- 
GitLab