systemd: Set PrivateDevices=false in ceph-mon@.service

author Benoît Knecht <bknecht@protonmail.ch>

Mon, 6 Dec 2021 08:29:43 +0000 (09:29 +0100)

committer Benoît Knecht <bknecht@protonmail.ch>

Tue, 4 Jan 2022 13:38:32 +0000 (14:38 +0100)
author Benoît Knecht <bknecht@protonmail.ch>
Mon, 6 Dec 2021 08:29:43 +0000 (09:29 +0100)
committer Benoît Knecht <bknecht@protonmail.ch>
Tue, 4 Jan 2022 13:38:32 +0000 (14:38 +0100)
diff --git a/systemd/ceph-mon@.service.in b/systemd/ceph-mon@.service.in

index b7c92f278e345d0e14c501bb0f24c067d55881e3..2eba83c3cc9bcc5dcfeefd8bc2491a0b13574b58 100644 (file)
--- a/systemd/ceph-mon@.service.in
+++ b/systemd/ceph-mon@.service.in
@@ -20,7 +20,10 @@ LockPersonality=true
  MemoryDenyWriteExecute=true
  # Need NewPrivileges via `sudo smartctl`
  NoNewPrivileges=false
-PrivateDevices=yes
+# We need access to block devices to check the health of the disk backing the
+# monitor DB store. It can be set to `true` if you're not interested in that
+# feature.
+PrivateDevices=false
  PrivateTmp=true
  ProtectControlGroups=true
  ProtectHome=true
author	Benoît Knecht <bknecht@protonmail.ch>
	Mon, 6 Dec 2021 08:29:43 +0000 (09:29 +0100)
committer	Benoît Knecht <bknecht@protonmail.ch>
	Tue, 4 Jan 2022 13:38:32 +0000 (14:38 +0100)