From 9921b2fd5ec68ca80251a6dd1e14a1c749b231e2 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Tue, 11 Apr 2023 19:24:02 -0500
Subject: [PATCH] burp1.p.b: Set collectd SELinux domain permissive Using the *md* plugin generates AVC denials like this: type=AVC msg=audit(1681259123.636:338441): avc: denied { read } for pid=1438759 comm="collectd" name="md1" dev="devtmpfs" ino=646 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
---
 host_vars/burp1.pyrocufflink.blue.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/host_vars/burp1.pyrocufflink.blue.yml b/host_vars/burp1.pyrocufflink.blue.yml
index 9ac879e..3ac3e4a 100644
--- a/host_vars/burp1.pyrocufflink.blue.yml
+++ b/host_vars/burp1.pyrocufflink.blue.yml
@@ -1,3 +1,8 @@
 collectd_plugins:
 md: true
 thermal: true
+
+# collectd generates a bunch of AVC denials on Fedora 36. We'll mark
+# its domain permissive until the problems are identified and resolved
+# upstream.
+collectd_selinux_permissive: true
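Review bot: `collectd_selinux_permissive: true` takes the whole `collectd_t` domain out of enforcement on this host, while the commit message documents a single denial (a `read` on a `blk_file` labelled `fixed_disk_device_t`, triggered by the md plugin). If the other denials are of the same kind, a small local policy module allowing only those accesses would keep the rest of the domain confined. Whether the role consuming this variable supports that is not visible in the patch. If permissive mode stays, the comment should name a removal condition so the exception does not quietly outlive the upstream fix, for example `# TODO: remove once <upstream-bug-ref> is fixed; re-check AVCs after selinux-policy/collectd updates`. A permissive domain still logs AVCs, so the audit log can be used to enumerate what a targeted policy would need.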