systemd: ceph-mgr: set MemoryDenyWriteExecute to false

author Ricardo Dias <rdias@suse.com>

Wed, 8 May 2019 13:57:07 +0000 (14:57 +0100)

committer Ricardo Dias <rdias@suse.com>

Thu, 9 May 2019 06:36:43 +0000 (07:36 +0100)
author Ricardo Dias <rdias@suse.com>
Wed, 8 May 2019 13:57:07 +0000 (14:57 +0100)
committer Ricardo Dias <rdias@suse.com>
Thu, 9 May 2019 06:36:43 +0000 (07:36 +0100)
diff --git a/systemd/ceph-mgr@.service.in b/systemd/ceph-mgr@.service.in

index f85047153494987f6d1c637b5f855694344025f7..c98f6378b9725169a4c6d580ae984a49e7b12f2f 100644 (file)
--- a/systemd/ceph-mgr@.service.in
+++ b/systemd/ceph-mgr@.service.in
@@ -12,7 +12,11 @@ Environment=CLUSTER=ceph
  ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
  ExecReload=/bin/kill -HUP $MAINPID
  LockPersonality=true
-MemoryDenyWriteExecute=true
+
+# We need to disable this protection as some python libraries generate
+# dynamic code, like python-cffi, and require mmap calls to succeed
+MemoryDenyWriteExecute=false
+
  NoNewPrivileges=true
  PrivateDevices=yes
  ProtectControlGroups=true
author	Ricardo Dias <rdias@suse.com>
	Wed, 8 May 2019 13:57:07 +0000 (14:57 +0100)
committer	Ricardo Dias <rdias@suse.com>
	Thu, 9 May 2019 06:36:43 +0000 (07:36 +0100)