]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
systemd: Set PrivateDevices=false in ceph-mon@.service 44959/head
authorBenoît Knecht <bknecht@protonmail.ch>
Mon, 6 Dec 2021 08:29:43 +0000 (09:29 +0100)
committerBenoît Knecht <bknecht@protonmail.ch>
Wed, 9 Feb 2022 18:41:02 +0000 (19:41 +0100)
The `ceph-mon` daemon needs access to block devices to check the health of the
disk that backs its DB store (#24151).

Fixes: https://tracker.ceph.com/issues/52416
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 96de1c97608b81ab80d4be3160ac05d11d4b23c8)

systemd/ceph-mon@.service.in

index b7c92f278e345d0e14c501bb0f24c067d55881e3..2eba83c3cc9bcc5dcfeefd8bc2491a0b13574b58 100644 (file)
@@ -20,7 +20,10 @@ LockPersonality=true
 MemoryDenyWriteExecute=true
 # Need NewPrivileges via `sudo smartctl`
 NoNewPrivileges=false
-PrivateDevices=yes
+# We need access to block devices to check the health of the disk backing the
+# monitor DB store. It can be set to `true` if you're not interested in that
+# feature.
+PrivateDevices=false
 PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true