reverting containerd to a non broken version

4878128e · entlein · efd5d547 · 4878128e · 4878128e · 4878128e
Commit 4878128e authored 2 years ago by entlein
--- a/roles/rke2/selinux/my-runc.te
+++ b/roles/rke2/selinux/my-runc.te
@@ -6,4 +6,6 @@ require {
        class bpf;
 }
 #============= container_runtime_t ==============
-allow container_runtime_t init_t:bpf prog_run;
\ No newline at end of file
+allow container_runtime_t init_t:bpf prog_run;
+
+DO NOT USE< DOES NOT WORK
\ No newline at end of file
--- a/roles/rke2/tasks/install_rke2.yml
+++ b/roles/rke2/tasks/install_rke2.yml
@@ -50,3 +50,7 @@
    semodule -i /etc/selinux/targeted/policy/my-rke2.pp
  when: ( 'control-plane' in group_names )

+- name: force downgrade containerd
+  shell: |
+    dnf install -y containerd.io-1.4.6-3.1.fc34
+
--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
@@ -21,6 +21,7 @@
      - fapolicyd
    state: latest

+
 - name: disable firewalld
  ansible.builtin.systemd:
    name: "firewalld"
@@ -87,16 +88,7 @@
    src: ../selinux/my-node-exporter.cil
    dest: /etc/selinux/targeted/policy/my-node-exporter.cil

- name: Copy SELinux Policies (runc)
-  template:
-    src: ../selinux/my-runc.te
-    dest: /etc/selinux/targeted/policy/my-runc.te

- name: Build SELinux exception module (runc)
-  shell: |
-    checkmodule -M -m -o /etc/selinux/targeted/policy/my-runc.mod /etc/selinux/targeted/policy/my-runc.te
-    semodule_package -o /etc/selinux/targeted/policy/my-runc.pp -m /etc/selinux/targeted/policy/my-runc.mod
-    semodule -i /etc/selinux/targeted/policy/my-runc.pp


 - name: Copy SELinux Policies